Since Moq v4.20 a dependency to SponsorLink has been added. This is a project that tries to retrieve data (email addresses) from your system and sends them to an external system. This violates GDPR and the good practices of open source.
Therefore, usage is strongly discouraged.
Further reading: Reddit
<Project Sdk="Microsoft.NET.Sdk">
<ItemGroup>
<PackageReference Include="Moq" Version="4.20" />
</ItemGroup>
</Project>
The last safe version.
<Project Sdk="Microsoft.NET.Sdk">
<ItemGroup>
<PackageReference Include="Moq" Version="4.18.4" />
</ItemGroup>
</Project>