feat: add integrity field to manifest when sri is enabled

[chenjiahan]

Summary

Add Subresource Integrity (SRI) hashes to the manifest file for emitted assets when the security.sri option is enabled.

This includes updating the manifest plugin, adding test cases, and documenting the new integrity field in documentation.

Related Links

• resolve [Feature]: The ability to get the integrity field from the manifest #6090
• https://github.com/rspack-contrib/rspack-manifest-plugin/releases/tag/v5.2.0

Checklist

• Tests updated (or not required).
• Documentation updated (or not required).

[netlify]

✅ Deploy Preview for rsbuild ready!

Name	Link
🔨 Latest commit	6d86bc6
🔍 Latest deploy log	https://app.netlify.com/projects/rsbuild/deploys/6922f6cd9dccab0008862e00
😎 Deploy Preview	https://deploy-preview-6634--rsbuild.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 60 (🔴 down 9 from production) Accessibility: 100 (no change from production) Best Practices: 100 (no change from production) SEO: 100 (no change from production) PWA: 60 (no change from production) View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[Copilot]

Pull request overview

This PR adds Subresource Integrity (SRI) hash support to the manifest file. When the security.sri option is enabled, the manifest will now include an integrity field mapping asset file paths to their corresponding SRI hashes.

• Updated rspack-manifest-plugin from 5.1.0 to 5.2.0 to support integrity field
• Added integrity field to ManifestData type with documentation
• Modified manifest generation logic to collect and populate integrity hashes from assets

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
packages/core/src/plugins/manifest.ts	Added logic to collect integrity hashes from file descriptors and include them in manifest output
packages/core/src/types/config.ts	Added integrity field to ManifestData type definition with JSDoc documentation
packages/core/package.json	Updated rspack-manifest-plugin dependency from 5.1.0 to 5.2.0
pnpm-lock.yaml	Updated lockfile to reflect new rspack-manifest-plugin version
website/docs/en/config/output/manifest.mdx	Added English documentation for the new integrity field
website/docs/zh/config/output/manifest.mdx	Added Chinese documentation for the new integrity field
e2e/cases/output/manifest-integrity/	Added new test case to verify integrity field is populated correctly in build and dev modes

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".