chore(deps): update dependency lighthouse to v9

[dev-mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
lighthouse	dependencies	major	6.0.0 -> 9.3.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability
Critical	9.8	CVE-2021-3918
Critical	9.8	CVE-2021-44906
High	7.5	CVE-2021-3807
High	7.5	CVE-2022-24771
High	7.5	CVE-2022-24772
High	7.5	CVE-2022-24999
High	7.5	CVE-2022-25851
High	7.5	CVE-2022-3517
High	7.2	CVE-2021-23337
Medium	6.6	WS-2022-0008
Medium	6.1	CVE-2022-0122
Medium	5.5	CVE-2020-8175
Medium	5.3	CVE-2020-28500
Medium	5.3	CVE-2022-24773
Medium	5.3	CVE-2022-33987
Medium	4.3	CVE-2021-21366

---

Release Notes

GoogleChrome/lighthouse (lighthouse)

v9.3.0

Compare Source

Full Changelog

We expect this release to ship in the DevTools of Chrome 100, and to PageSpeed Insights within 2 weeks.

Notable Changes

• Fixed a major bug introduced in 9.0 that broke --cli-flags-path #​13589

Core

• preload-lcp-image: enable audit (#​13599)
• ensure good and average scores start exactly at control points (#​13559)
• fr: don't throw on unknown --only-categories value (#​13499)
• inspector-issues: collect all issue types (#​13462, #​13603, #​13595)
• object-alt: remove md syntax around "alt" (#​13517)
• runner: asset manager helper (#​13519)

CLI

• remove update-notifier (#​13588)
• asset-saver: end devtoolsLog with a newline (#​13566)

Report

• allow client to configure how save-html is implemented (#​13518)

Deps

• update various runtime deps (#​13483)
• update various devDeps (#​13485)
• update robots-parser to latest (#​13554)
• update transitive deps to quiet vulnerability alerts (#​13538)
• lighthouse-stack-packs: upgrade to 1.7.0 (#​13604)
• snyk: update snyk snapshot (#​13498, #​13598)
• yargs: upgrade to 17.3.1 (#​13590)
• yargs-parser: upgrade to 21.0.0 (#​13597)

Clients

• use minimal 'url' polyfil instead of url-shim (#​13545)
• devtools: add FR runners to DevTools entry (#​13593)

I18n

• import (#​13602)

Docs

• update devtools panel throttling details (#​13504)

Tests

• add snapshot tests for cli-flags.js (#​13596)
• tweak some CI job names for clarity (#​13549)
• split devtools ci into build, web-tests and smoke jobs (#​13546)
• more targeted caching for devtools build (#​13540)
• run most smoke tests on devtools (#​13456)
• clean up and add comments to cdt layout test scripts (#​13471)
• devtools: ensure WebSQL table is populated (#​13579)

v9.2.0

Compare Source

Full Changelog

We expect this release to ship in the DevTools of Chrome 99, and to PageSpeed Insights within 2 weeks.

Notable Changes

• move no-unload-listeners to perf category (#​13497)

Core

• font-size: fix CSS selector regex (#​13455)
• fcp: handle negative request endTime (#​13452)
• legacy-javascript: update polyfilling, drop some signals (#​13482, #​13442)
• cache fetch to avoid bad polyfills (#​13476)
• check equality of computed artifacts using dependency keys (#​13430)

⛏️👷 Fraggle Rock

Support for auditing user flows (#​11313)

• compute timespan saving with observed throughput (#​13478)
• option to skip about:blank jumps (#​13375)

Report

• psi: update styles for tighter fit in narrow viewports (#​13355)

Deps

• bump eslint and related items (#​13484)
• axe-core: upgrade to 4.3.5 (#​13441)

Tests

• smoke: fix chromestatus url (#​13475)
• split smoke tests into one test per file (#​13461)
• fix devtools build command (#​13457)
• move sharding higher so smokehouse-bundle can also shard (#​13387)
• port axe test to pptr (#​13450)

Misc

• build: build test flow report to same path as sample-reports (#​13324)
• treemap: add lang to html tag (#​13454)

v9.1.0

Compare Source

Full Changelog

We expect this release to ship in the DevTools of Chrome 98, and to PageSpeed Insights within 2 weeks.

New Contributors

Thanks to our new contributors 👽🐷🐰🐯🐻!

• @​whitep4nth3r
• Adam Read @​adamread

Notable Changes

• If using Next.js, you will now see advice specific to it in some audits (#​13424)

Core

• canonical: remove cross-origin check (#​13412)
• add original location to most usages of source-location (#​13393)
• mindfully order properties in the lhr (#​13418)
• ensure log-normal score is always in correct range (#​13392)
• installable-manifest: pipeline-restarted check (#​13365)

Report

• remove margin when saving html in standalone report (#​13409)
• consistent red display text (#​13391)
• treemap: correct percentages when 0 bytes JS (#​13382)

⛏️👷 Fraggle Rock

Support for auditing user flows (#​11313)

• rebaseline sample (#​13358)
• report api (#​13374)

Deps

• remove browserify (#​13417)
• update to typescript 4.5 (#​13399)
• snyk: update snyk snapshot (#​13388)

Clients

• devtools: remove report.css (#​13377)
• viewer: add support for flow reports (#​13260)

I18n

• import (#​13427)

Docs

• example to save flow as json (#​13415)
• throttling: clarify throttle npm name (#​13371)

Tests

• fix undefined HTMLInputElement in bundle-test (#​13421)
• make inline-fs-test not reliant on cwd (#​13420)
• increase timeout for axe test (#​13386)

Misc

• build: replace browserify with rollup (#​13416, #​13406, #​13407, #​13408)
• build: prevent over optimization of computeBenchmarkIndex (#​13366)
• treemap: remove postMessage. refactor options input (#​13356)

v9.0.0

Compare Source

Full Changelog

We expect this release to ship in the DevTools of Chrome 98. It is already live in the new PageSpeed Insights.

See the What's new in Lighthouse 9.0 blog post. Continue for the changelog.

New Contributors

Thanks to our new contributors 👽🐷🐰🐯🐻!

• Sergii Bondarenko @​BR0kEN-
• Prerana Nawar @​prerana1821

Notable Changes

• [BREAKING] move to minimum Node 14 (#​13243)
• a11y: add relatedNodes to accessibility audits (#​13193)

Removed Audits

• [BREAKING] appcache-manifest: remove audit (#​13287)
• [BREAKING] external-anchors-use-rel-noopener: remove audit (#​13298)
• [BREAKING] remove the redirect pass and redirects-http audit (#​12643)

Preview: Audit User Flows

Lighthouse now offers auditing user flows, scripted with Puppeteer, via the Node CLI. This means you can now audit a page beyond its initial load. See the Lighthouse user flows blog post for more.

Core

• fix launching chrome in node 17 (#​13301)
• reduce image hotlinking in the report (#​13185)
• emulation: set client-hints metadata when spoofing the UA (#​13341)
• emulation: bump chrome version to m98 (#​13340)
• config: use abbreviation for pwa category title (#​13270)
• deprecations: use inspector issues (#​13342)
• avoid fatal errors when collecting base artifacts (#​13312)
• [BREAKING] errors-in-console: remove url property from items (#​13286)
• [BREAKING] image-size-responsive: remove elidedUrl, elide url property instead (#​13226)
• [BREAKING] image-elements: remove mimeType from artifact (#​13265)

Report

• introduce the new report api, add dom.rootEl (#​13277, #​13279, #​13361)
• make denser. changes to typography, group descriptions, more (#​13249)
• display final screenshot prominently (#​13123)
• redesign runtime settings (#​13125, #​13350)
• help-dialog: remove timespan SEO (#​13354)
• order metrics by row (#​13328)
• sort audits by weight (#​13053)
• translate newly added report strings (#​13308)
• [BREAKING] group perf audits by details type. change the meaning of an audit whose group is not defined–before no group implied an audit would not be renderered, but now an explicit hidden group is used (#​13241, #​13310)
• [BREAKING] pwa: remove renderScoreGauge, replaced with renderCategoryScore (#​13269)

⛏️👷 Fraggle Rock

Support for auditing user flows (#​11313)

• handle 0 throughput in timespan (#​13323)
• clone default categories to avoid modification (#​13337)
• add timespan support to h2 (#​12814)
• report: remove smooth scrolling (#​13317)
• report: network throttling settings (#​13305)
• report: use filmstrip thumbnail in navigation (#​13283)
• report: fix report anchors (#​13233)
• report: full page screenshot renderer (#​13276)
• report: category tooltip highest impact (#​13230)
• report: import lhr strings (#​13215)
• report: i18n formatter (#​13190)
• report: mock styles (#​13220)

Deps

• bump lighthouse-plugin-publisher-ads (#​13339)
• deps: update chrome-launcher to 0.15.0 (#​13353)

Clients

• devtools: only use locales that have locale files to download (#​13214)
• psi: retire prepareLabData, reuse standard report rendering (#​13229)

I18n

• import (#​13360)
• add better support for the default locale in bundles (#​13211)

Tests

• eslint: add export rule (#​13282)
• longer timeout for installability errors check (#​13297)
• ignore .tmp directory in jest modules (#​13285)
• add cdt folders to devtools test cache buster (#​13268)
• update devtools default branch to 'main' (#​13266)
• ci tests should include all files (#​13235)
• report: throw on axe error (#​13234)
• flow: puppeteer test (#​13281)

Misc

• publish: include the report bundle in npm package (#​13349)
• build: create inline-fs rollup plugin to replace brfs (#​13232, #​13240, #​13248, #​13272, #​13275, #​13278, #​13280)
• build: use rollup to build lighthouse-core bundles (#​12771)
• build: call close method on rollup builds (#​13307)
• build: use prepack script to build report (#​13261)
• build: do not assign runBundledLighthouse in devtools bundle (#​13311)
• build: use cross platform sed for devtools script (#​13242)
• preserve error stack when using promise timeout (#​13333)
• support old devtools in yarn run-devtools (#​13284)
• add report bundles to nightly build (#​13222)
• rename lighthouse-treemap to treemap (#​13246)
• rename lighthouse-viewer to viewer (#​13247)
• simplify release process, run package-test in CI (#​13212)
• add os to bug report template (#​13245)
• proto: add throttling and throttling_method (#​13309)
• revert missing bundle tests (#​13289)
• fix typo (#​13224)

v8.6.0

Compare Source

Full Changelog

We expect this release to ship in the DevTools of Chrome 97, and to PageSpeed Insights within 2 weeks.

New Contributors

Thanks to our new contributors 👽🐷🐰🐯🐻!

• meehawk @​meehawk
• Edwin Gustafson @​edwingustafson
• Yorkie Liu @​yorkie

Core

• crawlable-anchors: ignore event listeners, validate url (#​13105)
• full-page-screenshot: fix emulation reset (#​13175)
• response-compression: add x-content-encoding-over-network (#​13176)
• share localization between core and report (#​13146)
• update cdt SourceMap to latest devtools frontend (#​13095)
• stack-packs: simplify i18n filename lookup (#​13133)

⛏️👷 Fraggle Rock

Support for auditing user flows (#​11313)

• add UserFlow usability improvements (#​13139)
• add supportedModes filter to categories (#​13161)
• handle cached timespan records (#​13181)
• add parity logging (#​13114)
• animate timespan thumbnail (#​13178)
• refine snapshot and timespan performance (#​13184)
• topbar save button (#​13109)
• elide step name (#​13171)
• localized sample (#​13143)
• timeline header (#​13128)
• add help dialog to explain flows (#​13159)
• collect i18n strings (#​13152)

CLI

• add list-locales flag (#​12983)
• always return correct version (#​13130)

Report

• move logger styles into js (#​13204)
• remove href from category score gauge (#​13180)
• inject report/assets/styles.css via components.js (#​13057)
• remove smooth scrolling css (#​13102)
• add lh- prefix to remaining show class (#​13203)
• handle gauge fragment links in script (#​13186)

Clients

• psi: include global reports styles in legacy psi rendering (#​13151)
• viewer: swap locale (#​10148, #​13192)
• viewer: remove devtools disclaimer (#​13145)
• viewer: add body styles (#​13144)
• viewer: upgrade to firebase 9 (#​13115)
• viewer: use access token regardless of firebase auth (#​13116)
• viewer: use new firebase credentials (#​13110)

I18n

• import (#​13206)

Docs

• correct the Node.js version base (#​13099)
• add user flow docs (#​13134)

Tests

• smoke: make specific assertions about deprecations (#​13191)
• update deprecations smoke for M96 (#​13179)
• make yarn unit run all available unit tests (#​13148)
• centralize running of docs tests (#​13150)
• split out axe test (#​13142)

Misc

• convert lighthouse-core/scripts to ES modules (#​13121)
• remove patrick from issue assigner (#​13194)
• set predictable order for sample json timing entries (#​13162)
• scripts: fix run-devtools sniffing, add error checking (#​13163)
• ensure psi.espanol sample-report es en espanol (#​13160)
• add notes about software versions in issue template (#​13089)
• build: fix smokehouse bundle (#​13135)
• build: fix vercel deployment by adopting stricter engines grammar (#​13183)
• build: create rollup-plugins.js helper module (#​13122)
• build: don't build flow if only --standalone is requested (#​13124)

v8.5.1

Compare Source

Full Changelog

This is a patch release to fix an issue in the CLI when error reporting has been enabled.

New Contributors

Thanks to our new contributor 👽🐷🐰🐯🐻!

• Yorkie Liu @​yorkie

CLI

• fix crash with Sentry init (#​13104)

⛏️👷 Fraggle Rock

Support for auditing user flows (#​11313)

• add API for constructing flow result (#​13034)
• add category tooltips to flow report (#​13043)

v8.5.0

Compare Source

Full Changelog

We expect this release to ship in the DevTools of Chrome 96, and to PageSpeed Insights within 2 weeks.

New Contributors

Thanks to our new contributors 👽🐷🐰🐯🐻!

Konstantin Popov @​KonstHardy
Can Umay @​canumay

Core

• lazy-lcp: fix failureTitle in lcp-lazy-loaded (#​13049)
• tracing: remove cpu_profiler.hires (#​13056)
• tsc: add base tsconfig for config inheritance (#​13072)
• make main tsc compile cacheable (#​13069)

⛏️👷 Fraggle Rock

Support for auditing user flows (#​11313)

• cleanup driver on run completion (#​13062)
• setup emulation and throttling for timespans (#​13058)
• support additionalTraceCategories (#​13030)
• add support for plugins (#​13028)
• move GatherContext to baseArtifacts (#​13033)
• preserve traces on failed page load (#​13027)
• move HostUserAgent/FormFactor back to base artifacts (#​12969)
• use devtools throttling by default in timespan mode (#​13013)
• collect OOPIF network data (#​12992)
• flow: summary sections (#​13086)
• flow: topbar (#​13065)

CLI

• convert to ES modules (#​13045)

Report

• make metric value more prominent in table (#​13036)
• 3p-filter: drop for/id as elements are already nested (#​13067)
• add gatherMode option to category score (#​13029)
• add fractional category scores (#​13009)

Deps

• update to latest @​rollup/plugin-typescript (#​13075)
• snyk: update snyk snapshot (#​13019)

Clients

• lr: bundle smokehouse as commonjs (#​13074)
• add canonical link to viewer and treemap (#​13032)

Docs

• readme: add Peyk to the list of integrations (#​13055)

Tests

• add FR integration scenarios (#​13092)
• update SVGOMG expectations (#​13088)
• restore use of latest node 16 in CI (#​13079)
• eslint: trailing commas for import/export (#​13059)
• smokehouse: add flag for test sharding (#​13047)
• smokehouse: convert to ES modules (#​13046)
• fix flaky robots smoke failure (#​13031)
• smoke: upload smokehouse artifacts on failure (#​13010)

Misc

• build: fix minifyFileTransform stream bug in Node 16 (#​13073)
• fix typo in lighthouse-treemap/app/src/main.js (#​13076)
• proto: add i18n.icuMessagePaths (#​13068)
• remove all FR-COMPAT todos (#​13023)

v8.4.0

Compare Source

Full Changelog

We expect this release to ship in the DevTools of Chrome 95, and to PageSpeed Insights within 2 weeks.

New Contributors

Thanks to our new contributors 👽🐷🐰🐯🐻!

Emmanouil Zoumpoulakis @​emzoumpo
Milutin Kristofic @​milutin
Bjørn Erik Pedersen @​bep
Jerome Cukier @​jckr
Saurav Kumar @​svkrclg

New Audits

• Detect when the LCP element is lazy-loaded. Above-the-fold images that are lazily loaded render later in the page lifecycle, which can delay the largest contentful paint. Learn more (#​12838)

Core

• network-request: identify filesystem resources as non-network (#​12970)
• viewport: add viewport audit as perf diagnostic (#​12972)
• csp-evaluator: bump package version (#​12990)
• config: keep full-page-screenshot in skipAudits case (#​12645)
• large-javascript-libraries: delete (#​12941)

⛏️👷 Fraggle Rock

Support for auditing user flows (#​11313)

• collect devtoolsLogs on pageLoadError (#​12980)
• add config validation (#​12945)
• align navigation failure behavior (#​12862)
• add protocol timeout to session (#​12913)
• parity on Stacks and FullPageSnapshot gatherers (#​12907)
• http-status-code: navigation only (#​13005)
• add --debugNavigation setting (#​12902)
• flow: sidebar mocks (#​13002)
• flow: embedded lighthouse report (#​12989)
• flow: summary page (#​12973)
• flow: navigation sidebar (#​12929)
• flow: standalone shell report with preact (#​12850)

Report

• accessible n/a icon (#​12984)
• split topbar features (#​12926)
• prefix all classnames with lh- (#​12985)
• isolate type checking (#​12953, #​12952, #​12951)
• use postMessage to open viewer outside devtools (#​12927)
• better deduping of warnings (#​12355)

Deps

• snyk: update snyk snapshot (#​13001, #​12982)
• update to typescript 4.4.2 (#​12909, #​12999)

Clients

• lightrider: use iframe fetcher (#​13006)
• treemap: convert to ES modules (#​12892)
• viewer: make entire directory use modules (#​12975)

Docs

• auth: add missing build step in README (#​12911)
• changelog: fix typo in changelog.md (#​12997)
• hacking: add links to buildtracker/pr-tracking (#​12922)

Tests

• avoid node 16.9.0 (#​13012)
• ci: restore ToT Chromium download (#​12943, #​12950)
• dom: fix node 16 createObjectURL bug (#​12935)
• eslint: add import/order rule (#​12998)
• fr: convert screenshot expectations (#​12912)
• smoke: check for passing robots-txt (#​13007)
• smoke: fix dbw console error expectation (#​13011)
• smoke: print command to rerun failures (#​12924)
• devtools: sync (#​12899)
• devtools: tsc type override bug workaround (#​12933)
• create faux psi report (#​12815)

Misc

• the great sample rebaseline (#​12932)
• restructure types to use project references (#​12914, #​12946, #​12940)
• build: sample flow report (#​12930)
• build: do not include locales in devtools bundle (#​12921)
• build: remove template.html from devtools report resources (#​12891)
• build: create UMD bundle build (#​12898)
• build: normalize sample-report build naming (#​12901)
• build: prefer paths when using gh-pages-app (#​12905)
• build: refactor devtools bundle tweaking (#​12974)
• tweak folder used for vercel deployment (#​12879)
• cli: improve error if invalid value for --output argument is passed (#​12836)
• exit collect-strings script with error code on failure (#​12971)

v8.3.0

Compare Source

Full Changelog

We expect this release to ship in the DevTools of Chrome 94, and to PageSpeed Insights within 2 weeks.

New Contriubutors

Thanks to our new contributors 👽🐷🐰🐯🐻!

• Haruaki OTAKE @​aaharu
• Georgi Yonchev @​g-yonchev
• Kartike Bansal @​kraten

Core

• fix resource size calculation of cached images (#​12612)
• convert core .d.ts files to modules (#​12870, #​12880, #​12888)

⛏️👷 Fraggle Rock

Support for auditing user flows (#​11313)

• override quiet windows for observed performance (#​12873)

Report

• autogenerate components.js from templates.html (#​12803)
• reword SEO category description (#​12877)
• dom: handle undefined link url from proto roundtrip (#​12872)

Deps

• csp-evaluator: upgrade to exactly 1.0.4 (#​12858)

Clients

• viewer: convert to ES modules (#​12878)

I18n

• import (#​12893)

Docs

• readme: add SpeedVitals to the list of integrations (#​12866)

Misc

• remove nyc config (#​12876)
• npmignore all of dist/ except standalone report (#​12855)

v8.2.0

Compare Source

Full Changelog

We expect this release to ship in the DevTools of Chrome 94, and to PageSpeed Insights within 2 weeks.

New contributors

Thanks to our new contributor 👽🐷🐰🐯🐻!

• Krzysztof Szarlej @​kszarlej

Core

• csp-xss: make n/a with empty results (#​12801)
• css-usage: ignore removed stylesheets (#​12827)
• emulation: bump chrome versions (#​12849)
• traces: disable cpu-profiler trace category (#​12843)
• byte-efficiency: mark n/a if no network records in timespan (#​12839)

⛏️👷 Fraggle Rock

Support for auditing user flows (#​11313)

• add --fraggle-rock flag (#​12805)
• add config extension support (#​12832)
• add snapshot and timespan support to no-unload-listeners audit (#​12830)
• support config filtering via only/skip settings (#​12808)
• add timespan support to css-usage (#​12728)

Report

• convert to ES modules (#​12702)
• metric-filter: handle multiple reports in the same DOM (#​12817)
• dom: introduce safelySetHref (#​12796)

Deps

• update third-party-web to 0.12.4 (#​12753)
• update lighthouse-logger to 1.3.0 (#​12812)

Clients

• viewer: add disclaimer regarding devtools bug (#​12846)
• viewer: accept lhr from fragment (#​12557)

Docs

• readme: list dtekt.io in web perf services (#​12831)

Tests

• add fraggle rock smoke tests (#​12834)
• add report/ to tsconfig (#​12822)
• devtools: sync tests, fix cache action (#​12807)
• page-functions: remove segfault workaround (#​12847)
• smoke: convert to single LH run per test (#​12818)
• smoke: convert core tests to single-expectations format (#​12819)

Misc

• build: ensure distDir is present before emptying it (#​12829)
• types: fix null return on querySelector (#​12848)
• read locale files without using require (#​12721)
• add prefix to lighthouse-logger debug scope (#​12806)

v8.1.0

Compare Source

Full Changelog

We expect this release to ship in the DevTools of Chrome 93, and to PageSpeed Insights within 2 weeks.

New contributors

Thanks to our new contributors 👽🐷🐰🐯🐻!

• Todor Totev @​todortotev
• Tanner Dolby @​tannerdolby
• Victor Porof @​victorporof
• Gareth Jones @​G-Rath

Core

• modern-images: update to include AVIF estimates (#​12682)
• preload: temporarily disable all preload advice (#​12661)
• network-request: consider HSTS redirects secure (#​12681)
• total-byte-weight: count partially finished requests (#​12665)
• canonical: proper explanation for url misuse (#​12676)
• fallback to selector, not tagName for nodeLabel (#​12727)
• csp-xss: update learn more link (#​12672)
• installable-manifest: align descriptions with applicatons panel (#​12678)
• trace: include additional perf categories (#​12692)
• tap-targets: add stylesheet over protocol (#​12634)

⛏️👷 Fraggle Rock

Support for auditing user flows (#​11313)

• fr: uses-responsive-images-snapshot (#​12714)
• fr: limit scope of audits to applicable modes (#​12764)
• fr: split timespan support for server-response-time (#​12758)
• fr: enable traces artifact in timespan mode (#​12695)
• fr: add lighthouseMarker timeOrigin support (#​12688)
• fr: add timespan support to viewport-dimensions (#​12680)
• fr: add snapshot support to ImageElements gatherer (#​12663)
• fr: convert service-worker gatherer (#​12662)
• fr: add audit mode filter (#​12649)
• fr: split traceOfTab into timespan/navigation types (#​12633)
• fr: fix main-document-content ([#​12632](https://redirect.github.com/GoogleChrome/lighthouse/pul