Upgrade to the new SRI hash format

Question

Upgrade to the new SRI hash format

Closed this issue 10 years ago · 2 comments

I don't know if this is the right repo to file this against, but the hash format for SRI has just changed to match the one for CSP2:

base64 (not base64url) encoding with trailing equal signs
hash algorithms are lowercase with no dashes (e.g. sha256, sha384 and sha512)

For example:

<script src="https://code.jquery.com/jquery-1.10.2.min.js"
        integrity="type:application/javascript
                   sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg=">

Answer 1 · 2015-02-18T05:41:03.000Z

Yep, this is the right repo. Regarding SemVer, do you think I should do a major or a minor version jump for the update?

Answer 2 · 2015-02-18T06:09:20.000Z

Ah good question. I don't know, but it's probably a big enough change to warrant a major version bump.