Bump axe-core from 4.1.3 to 4.2.0

[dependabot]

Bumps axe-core from 4.1.3 to 4.2.0.

Release notes

Sourced from axe-core's releases.

Release 4.2.0

Features

• add axe.frameMessenger with configurable allowedOrigins (#2880) (b27bab3)
• aria-allowed-attr: add ARIA 1.2 prohibited attrs check (#2764) (4a77e88)
• empty-table-header: new rule to flag empty table headers (#2811) (813ee7e)
• frame-focusable-content: new rule to test iframes with tabindex=-1 do not have focusable content (#2785) (aeb044c)
• locale: missing translations for DE (#2704) (f312994)
• locale: Polish translation (#2677) (c46979f)
• nested-interactive: new rule to flag nested interactive elements (#2691) (13a7cf1)
• role-text: add role-text rule (#2702) (7c05162)
• setup/teardown: add functions to setup and teardown axe-core internal data, deprecate axe._tree (#2738) (9d19f24)
• standards: add graphics roles (#2761) (22032cc)
• standards/aria-roles: add presentational children property (#2689) (78c239c)
• utils.getRule: add function to get rule by id (#2724) (9d0af53)
• utils/matches: support selectors level 4 :not and :is (#2742) (21d9b0e)
• virtual-node: add attrNames property which returns list of attribute names (#2741) (1d864b4)

Bug Fixes

• aria-allowed-attr: error when generic elements use aria-label and aria-labelledy (#2766) (64379e1)
• aria-required-children: allow group and rowgroup roles (#2661) (5a264e4)
• aria-required-children: only match for roles that require children (#2703) (95de169)
• aria-valid-attr-value: pass for aria-errormessage when aria-invalid is not set or false (#2721) (93a765c)
• aria-valid-attr-value: report when aria-labelledby ref is not in DOM (#2723) (116eb06)
• aria-valid-attr-value: return false when int type attribute uses invalid values (#2710) (ce9917e)
• bypass: mark as needs review rather than failure (#2818) (bb41b3e)
• focus-order-semantics: allow role=tooltip to pass (#2871) (dc526d8)
• heading-order: handle iframe as first result (#2876) (33428d8)
• respondable: Avoid message duplication with messageId (#2816) (4bd0acf)
• respondable: work on iframes in shadow DOM (#2857) (38cad94)
• avoid 'undefined' showing in check messages (#2779) (3beb0b1)
• properly translate checks when building axe.js using --lang (#2848) (76545b0)
• aria-required-parent: only match for roles that require parents (#2707) (ce8281e)
• color-contrast: account for text client rects that start outside the parent container (#2682) (a4e4a34)
• color-contrast-matches: do not pass empty string to getElementById (#2739) (0b0fec2)
• frame-title: update rule description to be more descriptive (#2735) (159e25b)
• heading-order: allow partial context to pass (#2622) (f8baee6)
• landmark-complementary-is-top-level: allow aside inside main (#2740) (9388c96)
• metadata: consistenct use of 'must' and 'should' (#2770) (603b612)
• region: allow role=alertdialog as region (#2660) (b928df7)
• select-name: fix typo in accessible name help (#2676) (6b916b9)
• to-grid/get-headers: work with rowspan=0 (#2722) (508190b)
• types: Add noHtml option (#2810) (c03c826)
• utils: fix warning thrown by Webpack (#2843) (0826177), closes #2840
• utils: remove attributes from source string (#2803) (8e8c4fa)
• add noHtml to axe.configure (#2789) (5c8dec8)
• do not allow postMessage with axe version of x.y.z (#2790) (5acda82)

... (truncated)

Changelog

Sourced from axe-core's changelog.

4.2.0 (2021-04-23)

Features

• add axe.frameMessenger with configurable allowedOrigins (#2880) (b27bab3)
• aria-allowed-attr: add ARIA 1.2 prohibited attrs check (#2764) (4a77e88)
• empty-table-header: new rule to flag empty table headers (#2811) (813ee7e)
• frame-focusable-content: new rule to test iframes with tabindex=-1 do not have focusable content (#2785) (aeb044c)
• locale: missing translations for DE (#2704) (f312994)
• locale: Polish translation (#2677) (c46979f)
• nested-interactive: new rule to flag nested interactive elements (#2691) (13a7cf1)
• role-text: add role-text rule (#2702) (7c05162)
• setup/teardown: add functions to setup and teardown axe-core internal data, deprecate axe._tree (#2738) (9d19f24)
• standards: add graphics roles (#2761) (22032cc)
• standards/aria-roles: add presentational children property (#2689) (78c239c)
• utils.getRule: add function to get rule by id (#2724) (9d0af53)
• utils/matches: support selectors level 4 :not and :is (#2742) (21d9b0e)
• virtual-node: add attrNames property which returns list of attribute names (#2741) (1d864b4)

Bug Fixes

• aria-allowed-attr: error when generic elements use aria-label and aria-labelledy (#2766) (64379e1)
• aria-required-children: allow group and rowgroup roles (#2661) (5a264e4)
• aria-required-children: only match for roles that require children (#2703) (95de169)
• aria-valid-attr-value: pass for aria-errormessage when aria-invalid is not set or false (#2721) (93a765c)
• aria-valid-attr-value: report when aria-labelledby ref is not in DOM (#2723) (116eb06)
• aria-valid-attr-value: return false when int type attribute uses invalid values (#2710) (ce9917e)
• bypass: mark as needs review rather than failure (#2818) (bb41b3e)
• focus-order-semantics: allow role=tooltip to pass (#2871) (dc526d8)
• heading-order: handle iframe as first result (#2876) (33428d8)
• respondable: Avoid message duplication with messageId (#2816) (4bd0acf)
• respondable: work on iframes in shadow DOM (#2857) (38cad94)
• avoid 'undefined' showing in check messages (#2779) (3beb0b1)
• properly translate checks when building axe.js using --lang (#2848) (76545b0)
• aria-required-parent: only match for roles that require parents (#2707) (ce8281e)
• color-contrast: account for text client rects that start outside the parent container (#2682) (a4e4a34)
• color-contrast-matches: do not pass empty string to getElementById (#2739) (0b0fec2)
• frame-title: update rule description to be more descriptive (#2735) (159e25b)
• heading-order: allow partial context to pass (#2622) (f8baee6)
• landmark-complementary-is-top-level: allow aside inside main (#2740) (9388c96)
• metadata: consistenct use of 'must' and 'should' (#2770) (603b612)
• region: allow role=alertdialog as region (#2660) (b928df7)
• select-name: fix typo in accessible name help (#2676) (6b916b9)
• to-grid/get-headers: work with rowspan=0 (#2722) (508190b)
• types: Add noHtml option (#2810) (c03c826)
• utils: fix warning thrown by Webpack (#2843) (0826177), closes #2840
• utils: remove attributes from source string (#2803) (8e8c4fa)
• add noHtml to axe.configure (#2789) (5c8dec8)
• do not allow postMessage with axe version of x.y.z (#2790) (5acda82)

... (truncated)

Commits

• 199eed2 Merge pull request #2886 from dequelabs/release-4.2
• 207f352 chore: Merge branch 'master' into release-4.2
• 69962a3 chore(release): 4.2.0
• b388eb3 refactor(locales): convert tabs to spaces (#2878)
• 5011239 chore: bump chromedriver lockfile (#2881)
• b27bab3 feat: add axe.frameMessenger with configurable allowedOrigins (#2880)
• 33428d8 fix(heading-order): handle iframe as first result (#2876)
• dc526d8 fix(focus-order-semantics): allow role=tooltip to pass (#2871)
• 2d33ca1 chore(deps): [security] bump y18n from 4.0.0 to 4.0.3 (#2870)
• 70d1273 chore(deps): [security] bump ini from 1.3.5 to 1.3.8 (#2869)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #323.