macOS 13 has depreceted sprintf and vsprintf.  For most (but not all)
uses from C/C++ there is a compiler warning

warning: 'sprintf' is deprecated: This function is provided for compatibility reasons only.  Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead. [-Wdeprecated-declarations]

'man sprintf' on that platform ends

     Always use the proper secure idiom:

           snprintf(buffer, sizeof(buffer), "%s", string);

but note that may not work if the first argument is a pointer into a buffer,
and sizeof(buffer) may not be computed as intended (for example,
if 'buffer' is a pointer and not an array) and so it is better
to use an explcit value.

Some compilers (at least gcc 13) will warn if the 'size' in an snprintf call
exceeds the size of the buffer.

Once the declaration is hidden or removed, compilation will fail as C++
always requires a declaration and Apple clang also requires one for C.

R-devel reports these issues on all platforms:

    - The use of sprintf and vsprintf from C/C++ has been deprecated in
      macOS 13 and is a known security risk.  R CMD check now reports
      (on all platforms) if their use is found in the compiled code:
      replace by snprintf or vsnprintf. [*NB:* whether such calls get
      compiled into the package is platform-dependent.]

This reports some uses on macOS which do not currently give compilation
warnings: there have been a very few packages with calls which get 
optimized out on Linux but not macOS.

Normally calls to [v]sprintf are not reported if they are in a library to
which the package is linked.  (There can be exceptions for packages with
src/Makefile's and static libraries.)  However, there will be reports
from non-system headers (including those LinkedTo in other packages)
included by C and C++ code: do report those to the
authors of such headers and consider including a modified version of the
header in your own package.