Skip to content

chore(webapp)(deps-dev): bump the testing group in /webapp with 3 updates#189

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/webapp/testing-eb237e81f8
Open

chore(webapp)(deps-dev): bump the testing group in /webapp with 3 updates#189
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/webapp/testing-eb237e81f8

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026
edited
Loading

Bumps the testing group in /webapp with 3 updates: @vitest/coverage-v8, axe-core and vitest.

Updates @vitest/coverage-v8 from 2.1.8 to 4.1.4

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.4

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​vitest/coverage-v8 since your current version.


Updates axe-core from 4.10.2 to 4.11.3

Release notes

Sourced from axe-core's releases.

Release 4.11.3

This release addresses a few false positives, which may reduce the number of issues on terget-size and aria-allowed-attr.

Bug Fixes

  • aria-allowed-attr: restrict br and wbr elements to aria-hidden only (#4974) (1d80163)
  • target-size: ignore position: fixed elements that are offscreen when page is scrolled (#5066) (5906273), closes #5065

Release 4.11.2

This release addresses a number of false positives, including ones related to target size. It adds new affordances for ARIA, and adds a clarification around the scrollable regions rule.

Bug Fixes

  • aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (9322148)
  • aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (99d1e77), closes #4840
  • DqElement: avoid calling constructors with cloneNode (#5013) (88bc57f)
  • existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (dded75a)
  • scrollable-region-focusable: clarify the issue is in safari (#4995) (2567afd), closes WebKit#190870 WebKit#277290
  • scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (240f8b5)
  • target-size: determine offset using clientRects if target is display:inline (#5012) (69d81c1)
  • target-size: ignore widgets that are inline with other inline elements (#5000) (cf8a3c0)

Release 4.11.1

Release summary

This release addresses a number of false positives, which may result in a slightly lower number of issues reported. It also resolves a problem that caused the color contrast rule skip a page in edge cases. A page that wasn't tested because of this edge case may now be tested, and so could see new color contrast issues reported.

Lastly this rule corrects a few of the newly released RGAA tags, so when running an RGAA ruleset which rules run, and how they are mapped to RGAA is slightly different.

Bug Fixes

  • allow shadow roots in axe.run contexts (#4952) (d4aee16), closes #4941
  • color contrast fails for oklch and oklab with none (#4959) (8f249fd)
  • color-contrast: do not incomplete on textarea (#4968) (d271788), closes #4947
  • commons/color: Match browser behavior for out-of-gamut oklch colors (#4908) (5036be8)
  • don't runs rules that select html on nested html elements (#4969) (1e9a5c3)
  • replaced luminance threshold constant 0.03928 with 0.04045 (#4934) (316967d), closes #4933
  • rgaa: adjust mapping of aria-hidden-* and valid-lang (#4935) (77571f2)
  • valid-lang: update valid-langs for newer language codes (#4966) (c3f5446), closes #4963

Release 4.11.0

This release adds the new RGAA standard to many rules. Of particular note is that some best practice rules under WCAG are required under the RGAA standard: focus-order-semantics (experimental), region, skip-link, table-duplicate-name. This means that these rules are tagged as both best-practice and RGAAv4. Applications which are filtering rules based on the best-practice tags will need to update the logic in order to handle RGAA rules that are tagged best-practice.

Features

... (truncated)

Changelog

Sourced from axe-core's changelog.

4.11.3 (2026-04-13)

Bug Fixes

  • aria-allowed-attr: restrict br and wbr elements to aria-hidden only (#4974) (1d80163)
  • target-size: ignore position: fixed elements that are offscreen when page is scrolled (#5066) (5906273), closes #5065

4.11.2 (2026-03-30)

Bug Fixes

  • aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (9322148)
  • aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (99d1e77), closes #4840
  • DqElement: avoid calling constructors with cloneNode (#5013) (88bc57f)
  • existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (dded75a)
  • scrollable-region-focusable: clarify the issue is in safari (#4995) (2567afd), closes WebKit#190870 WebKit#277290
  • scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (240f8b5)
  • target-size: determine offset using clientRects if target is display:inline (#5012) (69d81c1)
  • target-size: ignore widgets that are inline with other inline elements (#5000) (cf8a3c0)

4.11.1 (2026-01-06)

Bug Fixes

  • allow shadow roots in axe.run contexts (#4952) (d4aee16), closes #4941
  • color contrast fails for oklch and oklab with none (#4959) (8f249fd)
  • color-contrast: do not incomplete on textarea (#4968) (d271788), closes #4947
  • commons/color: Match browser behavior for out-of-gamut oklch colors (#4908) (5036be8)
  • don't runs rules that select html on nested html elements (#4969) (1e9a5c3)
  • replaced luminance threshold constant 0.03928 with 0.04045 (#4934) (316967d), closes #4933
  • rgaa: adjust mapping of aria-hidden-* and valid-lang (#4935) (77571f2)
  • valid-lang: update valid-langs for newer language codes (#4966) (c3f5446), closes #4963

4.11.0 (2025-10-07)

Features

  • add RGAA tags to rules (#4862) (53a925a)
  • aria-prohibited-attr: add support for fallback roles (#4325) (62a19a9)
  • axe.d.ts: add nodeSerializer typings (#4551) (a2f3a48), closes #4093
  • DqElement: deprecate fromFrame function (#4881) (374c376), closes #4093
  • DqElement: Truncate large html strings when the element has a large outerHTML string (#4796) (404a4fb), closes #4544
  • get-xpath: return proper relative selector for id (#4846) (1035f9e), closes #4845
  • i18n: Add Portugal Portuguese translation (#4725) (5b6a65a)
  • incomplete with node on which an error occurred (#4863) (32ed8da)
  • locale: Added ru locale (#4565) (067b01d)
  • tap: some best practice rules map to RGAA (#4895) (bc33f4c)
  • td-headers-attr: report headers attribute referencing other elements as unsupported (#4589) (ec7c6c8), closes #3987

Bug Fixes

... (truncated)

Commits
  • c71e3dd chore(release): v4.11.3 (#5070)
  • 3ab66ba chore(release): 4.11.3
  • 5906273 fix(target-size): ignore position: fixed elements that are offscreen when pag...
  • d5a5705 refactor(frame-messenger): Guard against inherited properties as topics and c...
  • 1d80163 fix(aria-allowed-attr): restrict br and wbr elements to aria-hidden only (#4974)
  • baa580b chore: bump the npm-low-risk group with 8 updates (#5053)
  • 0463a3f chore: bump actions/upload-artifact from 6.0.0 to 7.0.0 (#5054)
  • 7e06043 chore: bump actions/download-artifact from 7.0.0 to 8.0.1 (#5056)
  • 41093da chore(release): v4.11.2 (#5049)
  • 66c26aa chore(release): 4.11.2
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axe-core since your current version.


Updates vitest from 2.1.8 to 4.1.4

Release notes

Sourced from vitest's releases.

v4.1.4

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

... (truncated)

Commits
  • ac04bac chore: release v4.1.4
  • 82c858d chore: Remove no-op function in plugin config logic (#8501)
  • d4fbb5c feat(experimental): support aria snapshot (#9668)
  • b77de96 feat(reporter): add filterMeta option to json reporter (#10078)
  • a120e3a feat(experimental): expose assertion as a public field (#10095)
  • 5375780 feat(coverage): default to text reporter skipFull if agent detected (#10018)
  • a1b5f0f fix: make expect(..., message) consistent as error message prefix (#10068)
  • 203f07a fix: use "black" foreground for labeled terminal message to ensure contrast (...
  • 2dc0d62 chore: release v4.1.3
  • 7827363 feat: add experimental.preParse flag (#10070)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for vitest since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(webapp)(deps-dev): bump the testing group
1684313 
Bumps the testing group in /webapp with 3 updates: [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8), [axe-core](https://github.com/dequelabs/axe-core) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).


Updates `@vitest/coverage-v8` from 2.1.8 to 4.1.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/coverage-v8)

Updates `axe-core` from 4.10.2 to 4.11.3
- [Release notes](https://github.com/dequelabs/axe-core/releases)
- [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md)
- [Commits](dequelabs/axe-core@v4.10.2...v4.11.3)

Updates `vitest` from 2.1.8 to 4.1.4
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.4/packages/vitest)

---
updated-dependencies:
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.4
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: testing
- dependency-name: axe-core
  dependency-version: 4.11.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: testing
- dependency-name: vitest
  dependency-version: 4.1.4
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: testing
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added scope:webapp Webapp (React/Vite) type:chore Chore / housekeeping labels Apr 20, 2026
@dependabot dependabot Bot requested a review from Pratiyush as a code owner April 20, 2026 06:34
@dependabot dependabot Bot added the scope:webapp Webapp (React/Vite) label Apr 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Pratiyush Pratiyush Awaiting requested review from Pratiyush Pratiyush is a code owner

At least 0 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

scope:webapp Webapp (React/Vite) type:chore Chore / housekeeping

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants