chore(deps-dev): bump the patch-dependencies group with 4 updates

[dependabot]

Bumps the patch-dependencies group with 4 updates: accessibility-checker, esbuild, cssnano and @types/node.

Updates accessibility-checker from 4.0.12 to 4.0.13

Release notes

Sourced from accessibility-checker's releases.

March 4, 2026

What's Changed

Cypress

• fix(cypress): ReferenceError: err is not defined by @​davidebibm in IBMa/equal-access#2460

Extension

• fix(extension): Fixes non-functional close button issue -2457 by @​nam-singh in IBMa/equal-access#2459
• fix(extension): replace multiselect with menu button for filters by @​nam-singh in IBMa/equal-access#2474

Rules / engine

• fixrule(element_tabbable_unobscured): Don't report potentially obscured when covering content is hidden by @​tombrunet in IBMa/equal-access#2481
• feature(engine): Engine sourcemap by @​shunguoy in IBMa/equal-access#2479

Dependency updates

• build(deps): bump minimatch from 3.1.2 to 3.1.5 in /cypress-accessibility-checker by @​dependabot[bot] in IBMa/equal-access#2477
• build(deps): bump multer from 2.0.2 to 2.1.0 in /rule-server by @​dependabot[bot] in IBMa/equal-access#2476
• build(deps): bump minimatch from 3.1.2 to 3.1.5 by @​dependabot[bot] in IBMa/equal-access#2473
• build(deps): bump minimatch in /report-react by @​dependabot[bot] in IBMa/equal-access#2472
• build(deps): bump minimatch from 3.1.2 to 3.1.5 in /accessibility-checker-extension by @​dependabot[bot] in IBMa/equal-access#2478
• build(deps): bump basic-ftp from 5.1.0 to 5.2.0 in /accessibility-checker-extension/test by @​dependabot[bot] in IBMa/equal-access#2466
• build(deps): bump ajv from 6.12.6 to 6.14.0 in /report-react by @​dependabot[bot] in IBMa/equal-access#2462
• build(deps): bump rollup from 2.79.2 to 2.80.0 in /report-react by @​dependabot[bot] in IBMa/equal-access#2471
• build(deps-dev): bump basic-ftp from 5.1.0 to 5.2.0 in /accessibility-checker-extension by @​dependabot[bot] in IBMa/equal-access#2467
• build(deps-dev): bump systeminformation from 5.30.7 to 5.31.1 in /cypress-accessibility-checker by @​dependabot[bot] in IBMa/equal-access#2461
• build(deps): bump qs from 6.14.1 to 6.14.2 in /cypress-accessibility-checker by @​dependabot[bot] in IBMa/equal-access#2458
• build(deps): bump axios from 1.13.4 to 1.13.5 in /rule-server by @​dependabot[bot] in IBMa/equal-access#2455
• build(deps): bump the npm_and_yarn group across 7 directories with 6 updates by @​dependabot[bot] in IBMa/equal-access#2480

Full Changelog: IBMa/equal-access@4.0.12...4.0.13

Commits

• c3d7b49 Merge pull request #2482 from IBMa/archive-2026-03-04
• d750d5e chore(archive): Create archive for Mar 4, 2026
• ffeffec Merge pull request #2480 from IBMa/dependabot/npm_and_yarn/accessibility-chec...
• 223602e Merge branch 'main-4.x' into dependabot/npm_and_yarn/accessibility-checker/np...
• 54fb21e Merge pull request #2479 from IBMa/engine-sourcemap
• f9278fc Merge branch 'main-4.x' into engine-sourcemap
• 7dbec7f Merge pull request #2481 from IBMa/issue-2469
• 15c2f53 If the thing covering us is empty and has no background, that's okay
• f07d939 Ignore overlapping content that's empty
• f03d28a build(deps): bump the npm_and_yarn group across 7 directories with 6 updates
• Additional commits viewable in compare view

Updates esbuild from 0.27.2 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3

• Preserve URL fragments in data URLs (#4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.27.3

• Preserve URL fragments in data URLs (#4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

... (truncated)

Commits

• 9129e00 publish 0.27.3 to npm
• e20e411 small fix to release notes
• 0dc0f2d fix #4322: parse and print CSS @scope rules
• 55fe391 update firefox css gradient support
• 2c35297 update gradient lowering transform
• 9209e44 Update Go to 1.25.7 (#4388)
• e8d861b close #4374: compat table for the using feature
• 19b8887 no longer need williamkapke/node-compat-table
• 7e44218 the kangax/compat-table repo moved to a new url
• 23b9338 run make update-compat-table
• Additional commits viewable in compare view

Updates cssnano from 7.1.2 to 7.1.3

Release notes

Sourced from cssnano's releases.

v7.1.3

What's Changed

• Optimize mergeRule selector merging with WeakMap caching by @​Goodwine in cssnano/cssnano#1748

Full Changelog: https://github.com/cssnano/cssnano/compare/cssnano@7.1.2...cssnano@7.1.3

Commits

• b2e9903 Publish cssnano 7.1.3
• a9f72ef chore: update development dependencies
• 5674f7a fix(postcss-svgo: update SVGO
• c3e537a fix: update postcss-selector-parser
• 5b9af42 fix: update browserlist and autoprefixer
• c0053c8 chore: add changeset
• da88eca Optimize selector merging with WeakMap caching
• cf4fc27 chore(deps-dev): bump diff from 8.0.2 to 8.0.3
• a985c71 chore: update pnpm
• 4b2a74a chore: update to ESLint 10
• Additional commits viewable in compare view

Updates @types/node from 25.3.3 to 25.3.5

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

🔭🐙🐈 Test this branch here: https://design-system.deutschebahn.com/core-web/review/dependabot-npm_and_yarn-patch-dependencies-4afb40f346

[changeset-bot]

⚠️ No Changeset found

Latest commit: d66337c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR