Github and RustSec Advisories on lexical

[jqnatividad]

Checks

• I have checked that this issue has not already been reported.

• I have confirmed this bug exists on the latest version of Polars.

Reproducible example

lexical is an active dependency

Log output

No response

Issue description

GHSA-c2hm-mjxv-89r4
https://rustsec.org/advisories/RUSTSEC-2023-0055.html

with the lexical maintainer even specifically calling out polars using lexical as one of his accomplishments:
https://github.com/Alexhuszagh

Expected behavior

replace lexical with an alternative crate/approach as detailed in the advisories

Installed versions

master

[orlp]

Yes, we're already aware of this and in the process of moving away from lexical.

[orlp]

Relevant PR: #10655.

[stinodego]

I'll close this as we're working on it and have the dependabot alert to track this.