Our Axios mocking library, moxios, has a dependency on a vulnerable version of axios, our http request library. Looking at the commits and comments in the bug tracker, it looks like there won't be an update to the dependency any time soon. So we need to mock it differently, either with pure Jest or by using a different Axios mocking library, e.g. [[ https://www.npmjs.com/package/axios-mock-adapter | axios-mock-adapter ]]
This is not a critical security issue, as the outdated dependency is a dev dependency. But we should fix it nevertheless to avoid becoming blind to GitHub package warnings.