Bootstrap 5.3.3 w/ Axios Cross-Site Request Forgery Vulnerability

[DebWasHere]

Bootstrap 5.3.3 - Uses Axios 0.24.0
"node_modules/axios": {
"version": "0.24.0",
"resolved": "https://registry.npmjs.org/axios/-/axios-0.24.0.tgz",
"integrity": "sha512-Q6cWsys88HoPgAaFAVUb0WpPk0O8iTeisR9IMqy9G8AbO4NlpVknrnQS03zzF9PGAWgO3cgletO3VjV/P7VztA==",
"dev": true,
"dependencies": {
"follow-redirects": "^1.14.4"
}
},
Axios Cross-Site Request Forgery Vulnerability - GHSA-wf5p-g6vw-rhxx
"An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information."

Is there an "easy" way for us to fix this issue painlessly in bootstrap source on our end and/or is this a really big deal and should be opened as an issue on the twbs-bootstrap public feed page?
Any appropriate guidance would be appreciated.

---

How we got here, if it matters:

Installed NPM and Node locally and am running through VS Code on Windows 10:
PS C:\custom-bootstrap> npm -v
10.5.0
PS C:\custom-bootstrap> node -v
v20.12.1

Downloaded Bootstrap 5.3.3 Source code and unzipped to sub-folder under custom-bootstrap project folder.
Ran npm install for the bootstrap package location:

PS C:\custom-bootstrap> npm install C:\custom-bootstrap\bootstrap-source\bootstrap-5.3.3 --save-dev
added 926 packages, and audited 928 packages in 1m

218 packages are looking for funding
run npm fund for details

2 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Run npm audit for details.
PS C:\custom-bootstrap> npm audit

npm audit report

axios 0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - GHSA-wf5p-g6vw-rhxx
No fix available
node_modules/axios
bundlewatch *
Depends on vulnerable versions of axios
node_modules/bundlewatch

2 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

[julien-deramond]

From our package-lock.json, it can be seen that axios is a dependency coming from bundlewatch:

"node_modules/bundlewatch": {
      "version": "0.3.3",
      "resolved": "https://registry.npmjs.org/bundlewatch/-/bundlewatch-0.3.3.tgz",
      "integrity": "sha512-qzSVWrZyyWXa546JpAPRPTFmnXms9YNVnfzB05DRJKmN6wRRa7SkxE4OgKQmbAY74Z6CM2mKAc6vwvd2R+1lUQ==",
      "dev": true,
      "dependencies": {
        "axios": "^0.24.0",

Bundlewatch is only used by our CI (or manually locally) to checks file sizes, ensuring bundled browser assets don't jump in file size; it's not embedded into the Bootstrap bundle files.
IMO, there's no need on your end to fix this issue.