Bump axe-core from 4.10.3 to 4.11.0

[dependabot]

Bumps axe-core from 4.10.3 to 4.11.0.

Release notes

Sourced from axe-core's releases.

Release 4.11.0

This release adds the new RGAA standard to many rules. Of particular note is that some best practice rules under WCAG are required under the RGAA standard: focus-order-semantics (experimental), region, skip-link, table-duplicate-name. This means that these rules are tagged as both best-practice and RGAAv4. Applications which are filtering rules based on the best-practice tag will need to update the logic in order to handle RGAA rules that are tagged best-practice.

Features

• add RGAA tags to rules (#4862) (53a925a)
• aria-prohibited-attr: add support for fallback roles (#4325) (62a19a9)
• axe.d.ts: add nodeSerializer typings (#4551) (a2f3a48), closes #4093
• DqElement: deprecate fromFrame function (#4881) (374c376), closes #4093
• DqElement: Truncate large html strings when the element has a large outerHTML string (#4796) (404a4fb), closes #4544
• get-xpath: return proper relative selector for id (#4846) (1035f9e), closes #4845
• i18n: Add Portugal Portuguese translation (#4725) (5b6a65a)
• incomplete with node on which an error occurred (#4863) (32ed8da)
• locale: Added ru locale (#4565) (067b01d)
• tap: some best practice rules map to RGAA (#4895) (bc33f4c)
• td-headers-attr: report headers attribute referencing other elements as unsupported (#4589) (ec7c6c8), closes #3987

Bug Fixes

• aria-allowed-role: add form to allowed roles of form element (#4588) (8aa47ac), closes /github.com/dequelabs/axe-core/blob/develop/lib/standards/html-elms.js#L264
• aria-allowed-role: Add math to allowed roles for img element (#4658) (95b6c18), closes #4657
• autocomplete-valid : Ignore readonly autocomplete field (#4721) (491f4ec), closes #4708
• autocomplete-valid: treat values "xon" and "xoff" as non-WCAG-violations (#4878) (52bc611), closes #4877
• axe.d.ts: add typings for preload options object (#4543) (cfd2974)
• button-name,input-button-name,input-img-alt: allow label to give accessible name (#4607) (a9710d7), closes #4472 #3696 #3696
• captions: fix grammar in captions check incomplete message (#4661) (11de515)
• color-contrast: do not run on elements with font-size: 0 (#4822) (d77c885), closes #4820
• consistently parse tabindex, following HTML 5 spec (#4637) (645a850), closes #4632
• core: measure perf for async checks (#4609) (7e9bacf)
• fix grammar when using "alternative text" in a sentence (#4811) (237a586), closes #4394
• get-ancestry: add nth-child selector for multiple siblings of shadow root (#4606) (1cdd6c3), closes #4563
• get-ancestry: don't error when there is no parent (#4617) (a005703)
• locale: fix typos in japanese (ja) locale (#4856) (3462cc5)
• locale: fixed typos in german (DE) locale (#4631) (b7736de)
• locale: proofread and updated de.json (#4643) (8060ada)
• meta-viewport: lower impact to moderate (#4887) (2f32aa5), closes #4714
• no-autoplay-audio: don't timeout for preload=none media elements (#4684) (cdc871e)
• performanceTimer: throwing in axe catch clause (#4852) (a4ade04), closes /github.com/dequelabs/axe-core/blob/e7dae4ec48cbfef74de9f833fdcfb178c1002985/lib/core/base/rule.js#L297-L300
• performanceTimer: work in frames (#4834) (d7dfebc)
• rules: Change "alternate text" to "alternative text" (#4582) (b03ada3)
• target-size: do not treat focusable tabpanels as targets (#4702) (60d11f2), closes #4421 #4701
• type: correct RuleError type (#4893) (d1aa8e2)
• types: correct raw types (#4903) (3eade11)

Changelog

Sourced from axe-core's changelog.

4.11.0 (2025-10-07)

Features

• add RGAA tags to rules (#4862) (53a925a)
• aria-prohibited-attr: add support for fallback roles (#4325) (62a19a9)
• axe.d.ts: add nodeSerializer typings (#4551) (a2f3a48), closes #4093
• DqElement: deprecate fromFrame function (#4881) (374c376), closes #4093
• DqElement: Truncate large html strings when the element has a large outerHTML string (#4796) (404a4fb), closes #4544
• get-xpath: return proper relative selector for id (#4846) (1035f9e), closes #4845
• i18n: Add Portugal Portuguese translation (#4725) (5b6a65a)
• incomplete with node on which an error occurred (#4863) (32ed8da)
• locale: Added ru locale (#4565) (067b01d)
• tap: some best practice rules map to RGAA (#4895) (bc33f4c)
• td-headers-attr: report headers attribute referencing other elements as unsupported (#4589) (ec7c6c8), closes #3987

Bug Fixes

• aria-allowed-role: add form to allowed roles of form element (#4588) (8aa47ac), closes /github.com/dequelabs/axe-core/blob/develop/lib/standards/html-elms.js#L264
• aria-allowed-role: Add math to allowed roles for img element (#4658) (95b6c18), closes #4657
• autocomplete-valid : Ignore readonly autocomplete field (#4721) (491f4ec), closes #4708
• autocomplete-valid: treat values "xon" and "xoff" as non-WCAG-violations (#4878) (52bc611), closes #4877
• axe.d.ts: add typings for preload options object (#4543) (cfd2974)
• button-name,input-button-name,input-img-alt: allow label to give accessible name (#4607) (a9710d7), closes #4472 #3696 #3696
• captions: fix grammar in captions check incomplete message (#4661) (11de515)
• color-contrast: do not run on elements with font-size: 0 (#4822) (d77c885), closes #4820
• consistently parse tabindex, following HTML 5 spec (#4637) (645a850), closes #4632
• core: measure perf for async checks (#4609) (7e9bacf)
• fix grammar when using "alternative text" in a sentence (#4811) (237a586), closes #4394
• get-ancestry: add nth-child selector for multiple siblings of shadow root (#4606) (1cdd6c3), closes #4563
• get-ancestry: don't error when there is no parent (#4617) (a005703)
• locale: fix typos in japanese (ja) locale (#4856) (3462cc5)
• locale: fixed typos in german (DE) locale (#4631) (b7736de)
• locale: proofread and updated de.json (#4643) (8060ada)
• meta-viewport: lower impact to moderate (#4887) (2f32aa5), closes #4714
• no-autoplay-audio: don't timeout for preload=none media elements (#4684) (cdc871e)
• performanceTimer: throwing in axe catch clause (#4852) (a4ade04), closes /github.com/dequelabs/axe-core/blob/e7dae4ec48cbfef74de9f833fdcfb178c1002985/lib/core/base/rule.js#L297-L300
• performanceTimer: work in frames (#4834) (d7dfebc)
• rules: Change "alternate text" to "alternative text" (#4582) (b03ada3)
• target-size: do not treat focusable tabpanels as targets (#4702) (60d11f2), closes #4421 #4701
• type: correct RuleError type (#4893) (d1aa8e2)
• types: correct raw types (#4903) (3eade11)

Commits

• 7dc4242 chore(release): v4.11.0 (#4904)
• 96927cb chore(release): 4.11.0
• 3eade11 fix(types): correct raw types (#4903)
• 8fc6520 chore(types): errorNode is SerialDqElement (#4901)
• 9e35511 chore: bump jsdom from 26.1.0 to 27.0.0 (#4900)
• 6d0cb75 chore: bump actions/setup-node from 4 to 5 (#4898)
• a0e9da4 chore: bump the npm-low-risk group with 8 updates (#4899)
• b91369a chore: sync generated files (#4897)
• bc33f4c feat(tap): some best practice rules map to RGAA (#4895)
• 670be64 test(performance-timer): reduce flakiness of tests involving actual sleeps (r...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)