clone bootstrap repository

[RockyMdee32]

Note: I could not screen shot my command prompt so I paste it in the form of code

I try clone the bootstrap repository like this

C:\Users\Robert Mdee\Desktop\web programming\Bootstrap\Bootstrap documentation\Contribute>git clone https://github.com/twbs/bootstrap.git
Cloning into 'bootstrap'...
remote: Enumerating objects: 202660, done.
remote: Counting objects: 100% (395/395), done.
remote: Compressing objects: 100% (281/281), done.
remote: Total 202660 (delta 234), reused 161 (delta 112), pack-reused 202265 (from 5)
Receiving objects: 100% (202660/202660), 246.19 MiB | 1.44 MiB/s, done.
Resolving deltas: 100% (130876/130876), done.
Updating files: 100% (755/755), done.

Then I do npm install like this

C:\Users\Robert Mdee\Desktop\web programming\Bootstrap\Bootstrap documentation\Contribute>cd bootstrap

C:\Users\Robert Mdee\Desktop\web programming\Bootstrap\Bootstrap documentation\Contribute\bootstrap>npm install
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/config-array instead
npm warn deprecated [email protected]: You or someone you depend on is using Q, the JavaScript Promise library that gave JavaScript developers strong feelings about promises. They can almost certainly migrate to the native JavaScript promise now. Thank you literally everyone for joining me in this bet against the odds. Be excellent to each other.
npm warn deprecated
npm warn deprecated (For a CapTP with native promises, see @endo/eventual-send and @endo/captp)
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/object-schema instead
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: This version is no longer supported. Please see https://eslint.org/version-support for other options.

added 912 packages, and audited 913 packages in 4m

231 packages are looking for funding
  run `npm fund` for details

1 high severity vulnerability

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

notice that 1 high severity vulnerability.

I do npm audit and get

C:\Users\Robert Mdee\Desktop\web programming\Bootstrap\Bootstrap documentation\Contribute\bootstrap>npm audit
# npm audit report

ip  *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
No fix available
node_modules/ip

1 high severity vulnerability

Some issues need review, and may require choosing
a different dependency.

Is there a way I can fix that 1 high severity vulnerability problem? since according to copilot it says I shouldn't ignore it.

[pavlo-liapin]

There is no easy fix at the moment because the ip library hasn't had an official release with the patch yet, even though it's highly requested by the community (see discussion here). Once a new version is available, Bootstrap will automatically pick up the update when dependencies are refreshed.

That said, there's no real cause for concern - this package is only used in Bootstrap's development and is listed under devDependencies, meaning it has no impact on the final Bootstrap library. It is only used for running Karma tests locally, where it helps retrieve the machine's IP address for the test runner.

For now, we just need to wait for the official update, but this won't affect anyone using Bootstrap in production or working on their own forks.