Bump axe-core from 4.11.1 to 4.11.2 in /thirdparty/WCAG

[dependabot]

Bumps axe-core from 4.11.1 to 4.11.2.

Release notes

Sourced from axe-core's releases.

Release 4.11.2

This release addresses a number of false positives, including ones related to target size. It adds new affordances for ARIA, and adds a clarification around the scrollable regions rule.

Bug Fixes

• aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (9322148)
• aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (99d1e77), closes #4840
• DqElement: avoid calling constructors with cloneNode (#5013) (88bc57f)
• existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (dded75a)
• scrollable-region-focusable: clarify the issue is in safari (#4995) (2567afd), closes WebKit#190870 WebKit#277290
• scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (240f8b5)
• target-size: determine offset using clientRects if target is display:inline (#5012) (69d81c1)
• target-size: ignore widgets that are inline with other inline elements (#5000) (cf8a3c0)

Changelog

Sourced from axe-core's changelog.

4.11.2 (2026-03-30)

Bug Fixes

• aria-valid-attr-value: handle multiple aria-errormessage IDs (#4973) (9322148)
• aria: prevent getOwnedVirtual from returning duplicate nodes (#4987) (99d1e77), closes #4840
• DqElement: avoid calling constructors with cloneNode (#5013) (88bc57f)
• existing-rule: aria-busy now shows an error message for a use with unallowed children (#5017) (dded75a)
• scrollable-region-focusable: clarify the issue is in safari (#4995) (2567afd), closes WebKit#190870 WebKit#277290
• scrollable-region-focusable: do not fail scroll areas when all content is visible without scrolling (#4993) (240f8b5)
• target-size: determine offset using clientRects if target is display:inline (#5012) (69d81c1)
• target-size: ignore widgets that are inline with other inline elements (#5000) (cf8a3c0)

Commits

• 41093da chore(release): v4.11.2 (#5049)
• 66c26aa chore(release): 4.11.2
• cf8a3c0 fix(target-size): ignore widgets that are inline with other inline elements (...
• 3d80a37 chore: add CLAUDE.md and pull request checklist (#5035)
• a09204f chore: bump the npm-low-risk group with 6 updates (#5020)
• 431f621 chore: bump jsdom from 27.4.0 to 28.1.0 (#5021)
• 68aab66 test: fix chromedriver 146 failing to create session (#5026)
• dded75a fix(existing-rule): aria-busy now shows an error message for a use with unall...
• 69d81c1 fix(target-size): determine offset using clientRects if target is display:inl...
• 99d1e77 fix(aria): prevent getOwnedVirtual from returning duplicate nodes (#4987)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)