Skip to content

Bump axe-core from 4.10.3 to 4.11.2 in /ui#19

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/ui/axe-core-4.11.2
Open

Bump axe-core from 4.10.3 to 4.11.2 in /ui#19
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/ui/axe-core-4.11.2

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 2, 2026

Bumps axe-core from 4.10.3 to 4.11.2.

Release notes

Sourced from axe-core's releases.

Release 4.11.2

This release addresses a number of false positives, including ones related to target size. It adds new affordances for ARIA, and adds a clarification around the scrollable regions rule.

Bug Fixes

  • aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (9322148)
  • aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (99d1e77), closes #4840
  • DqElement: avoid calling constructors with cloneNode (#5013) (88bc57f)
  • existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (dded75a)
  • scrollable-region-focusable: clarify the issue is in safari (#4995) (2567afd), closes WebKit#190870 WebKit#277290
  • scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (240f8b5)
  • target-size: determine offset using clientRects if target is display:inline (#5012) (69d81c1)
  • target-size: ignore widgets that are inline with other inline elements (#5000) (cf8a3c0)

Release 4.11.1

Release summary

This release addresses a number of false positives, which may result in a slightly lower number of issues reported. It also resolves a problem that caused the color contrast rule skip a page in edge cases. A page that wasn't tested because of this edge case may now be tested, and so could see new color contrast issues reported.

Lastly this rule corrects a few of the newly released RGAA tags, so when running an RGAA ruleset which rules run, and how they are mapped to RGAA is slightly different.

Bug Fixes

  • allow shadow roots in axe.run contexts (#4952) (d4aee16), closes #4941
  • color contrast fails for oklch and oklab with none (#4959) (8f249fd)
  • color-contrast: do not incomplete on textarea (#4968) (d271788), closes #4947
  • commons/color: Match browser behavior for out-of-gamut oklch colors (#4908) (5036be8)
  • don't runs rules that select html on nested html elements (#4969) (1e9a5c3)
  • replaced luminance threshold constant 0.03928 with 0.04045 (#4934) (316967d), closes #4933
  • rgaa: adjust mapping of aria-hidden-* and valid-lang (#4935) (77571f2)
  • valid-lang: update valid-langs for newer language codes (#4966) (c3f5446), closes #4963

Release 4.11.0

This release adds the new RGAA standard to many rules. Of particular note is that some best practice rules under WCAG are required under the RGAA standard: focus-order-semantics (experimental), region, skip-link, table-duplicate-name. This means that these rules are tagged as both best-practice and RGAAv4. Applications which are filtering rules based on the best-practice tags will need to update the logic in order to handle RGAA rules that are tagged best-practice.

Features

  • add RGAA tags to rules (#4862) (53a925a)
  • aria-prohibited-attr: add support for fallback roles (#4325) (62a19a9)
  • axe.d.ts: add nodeSerializer typings (#4551) (a2f3a48), closes #4093
  • DqElement: deprecate fromFrame function (#4881) (374c376), closes #4093
  • DqElement: Truncate large html strings when the element has a large outerHTML string (#4796) (404a4fb), closes #4544
  • get-xpath: return proper relative selector for id (#4846) (1035f9e), closes #4845
  • i18n: Add Portugal Portuguese translation (#4725) (5b6a65a)
  • incomplete with node on which an error occurred (#4863) (32ed8da)
  • locale: Added ru locale (#4565) (067b01d)
  • tap: some best practice rules map to RGAA (#4895) (bc33f4c)
  • td-headers-attr: report headers attribute referencing other elements as unsupported (#4589) (ec7c6c8), closes #3987

... (truncated)

Changelog

Sourced from axe-core's changelog.

4.11.2 (2026-03-30)

Bug Fixes

  • aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (9322148)
  • aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (99d1e77), closes #4840
  • DqElement: avoid calling constructors with cloneNode (#5013) (88bc57f)
  • existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (dded75a)
  • scrollable-region-focusable: clarify the issue is in safari (#4995) (2567afd), closes WebKit#190870 WebKit#277290
  • scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (240f8b5)
  • target-size: determine offset using clientRects if target is display:inline (#5012) (69d81c1)
  • target-size: ignore widgets that are inline with other inline elements (#5000) (cf8a3c0)

4.11.1 (2026-01-06)

Bug Fixes

  • allow shadow roots in axe.run contexts (#4952) (d4aee16), closes #4941
  • color contrast fails for oklch and oklab with none (#4959) (8f249fd)
  • color-contrast: do not incomplete on textarea (#4968) (d271788), closes #4947
  • commons/color: Match browser behavior for out-of-gamut oklch colors (#4908) (5036be8)
  • don't runs rules that select html on nested html elements (#4969) (1e9a5c3)
  • replaced luminance threshold constant 0.03928 with 0.04045 (#4934) (316967d), closes #4933
  • rgaa: adjust mapping of aria-hidden-* and valid-lang (#4935) (77571f2)
  • valid-lang: update valid-langs for newer language codes (#4966) (c3f5446), closes #4963

4.11.0 (2025-10-07)

Features

  • add RGAA tags to rules (#4862) (53a925a)
  • aria-prohibited-attr: add support for fallback roles (#4325) (62a19a9)
  • axe.d.ts: add nodeSerializer typings (#4551) (a2f3a48), closes #4093
  • DqElement: deprecate fromFrame function (#4881) (374c376), closes #4093
  • DqElement: Truncate large html strings when the element has a large outerHTML string (#4796) (404a4fb), closes #4544
  • get-xpath: return proper relative selector for id (#4846) (1035f9e), closes #4845
  • i18n: Add Portugal Portuguese translation (#4725) (5b6a65a)
  • incomplete with node on which an error occurred (#4863) (32ed8da)
  • locale: Added ru locale (#4565) (067b01d)
  • tap: some best practice rules map to RGAA (#4895) (bc33f4c)
  • td-headers-attr: report headers attribute referencing other elements as unsupported (#4589) (ec7c6c8), closes #3987

Bug Fixes

... (truncated)

Commits
  • 41093da chore(release): v4.11.2 (#5049)
  • 66c26aa chore(release): 4.11.2
  • cf8a3c0 fix(target-size): ignore widgets that are inline with other inline elements (...
  • 3d80a37 chore: add CLAUDE.md and pull request checklist (#5035)
  • a09204f chore: bump the npm-low-risk group with 6 updates (#5020)
  • 431f621 chore: bump jsdom from 27.4.0 to 28.1.0 (#5021)
  • 68aab66 test: fix chromedriver 146 failing to create session (#5026)
  • dded75a fix(existing-rule): aria-busy now shows an error message for a use with unall...
  • 69d81c1 fix(target-size): determine offset using clientRects if target is display:inl...
  • 99d1e77 fix(aria): prevent getOwnedVirtual from returning duplicate nodes (#4987)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axe-core since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump axe-core from 4.10.3 to 4.11.2 in /ui
4deb1d0 
Bumps [axe-core](https://github.com/dequelabs/axe-core) from 4.10.3 to 4.11.2.
- [Release notes](https://github.com/dequelabs/axe-core/releases)
- [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md)
- [Commits](dequelabs/axe-core@v4.10.3...v4.11.2)

---
updated-dependencies:
- dependency-name: axe-core
  dependency-version: 4.11.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants