Patch read_rds for CVE-2024-27322

[Moohan]

I wonder if it would be possible for readr to somehow patch read_rds to mitigate the exploit CVE-2024-27322 - This is patched in R 4.4.0 so the obvious fix is to use that but our organisation (and I'm sure there are others who are similar) is slow moving and might take a while to roll out the new version of R for us to use. At the same time users are able to install packages / package updates, so (if it's possible) patching read_rds would be a great way to mitigate this exploit for many users.

[hadley]

I don't think there's any way to patch this outside of R itself because the internal implementation for readRDS uses a bunch of internal APIs that are not accessible from a package. We (Posit) are exploring making patched versions of R itself, which you can track in rstudio/r-builds#218.