Per https://osv.dev/vulnerability/CVE-2023-46308
> In Plotly plotly.js before 2.25.2, plot API calls have a risk of `__proto__` being polluted in expandObjectPaths or nestedProperty.
The R package currently bundles plotly.js 2.11.1 via 3c3d749
https://github.com/plotly/plotly.R/commits/master/inst/htmlwidgets/lib/plotlyjs/plotly-latest.min.js
Even if it's a heavier lift to get to the plotly.js 3.x line, it would be great to bump to something in the range of `>=2.25.2 <3` to get past this CVE. Thanks!