Fix webpack-subresource-integrity v5 named export handling#978
Merged
Fix webpack-subresource-integrity v5 named export handling#978
Conversation
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
Greptile SummaryThis PR fixes compatibility with
Confidence Score: 5/5
Important Files Changed
Flowchart%%{init: {'theme': 'neutral'}}%%
flowchart TD
A["require('webpack-subresource-integrity')"] --> B{"'SubresourceIntegrityPlugin' in module?"}
B -->|Yes v5+| C["Use module.SubresourceIntegrityPlugin"]
B -->|No v1.x| D["Use module directly as constructor"]
C --> E["new SubresourceIntegrityPlugin(options)"]
D --> E
E --> F["Push to plugins array"]
Last reviewed commit: 0a5972f |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
Contributor
ReviewThe fix is correct and well-structured. Using Two minor observations (see inline comments):
Otherwise this looks good to merge. |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
Review (follow-up)The current state of this PR looks good. The implementation is correct and the tests are clean. Verified:
One remaining minor nit (non-blocking): Ready to merge. |
justin808
added a commit
that referenced
this pull request
Mar 17, 2026
Promote v9.7.0-rc.0 to v9.7.0 stable and add missing PR #978 (webpack-subresource-integrity v5 named export fix). Co-Authored-By: Claude Opus 4.6 <[email protected]>
3 tasks
justin808
added a commit
that referenced
this pull request
Mar 17, 2026
### Summary Adds the v9.7.0 changelog section with release notes for all user-visible changes since v9.6.1: - **Added**: rspack v2 support (PR #975) - **Fixed**: Config exporter path traversal and annotation format validation (PR #914) - **Fixed**: `webpack-subresource-integrity` v5 named export handling (PR #978, fixes #972) Version diff links at the bottom of the file are updated accordingly. ### Pull Request checklist - [x] ~Add/update test to cover these changes~ - [x] ~Update documentation~ - [x] Update CHANGELOG file ### Other Information Non-user-visible PRs (#920, #965, #970, #971, #977, #979, #981, #982) were intentionally excluded per changelog policy. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Documentation-only change updating `CHANGELOG.md`; no runtime code or dependency changes are introduced in this PR. > > **Overview** > Adds a new `v9.7.0` section to `CHANGELOG.md` documenting user-visible changes (rspack v2 support and two fixes around config export security/validation and `webpack-subresource-integrity` v5 exports). > > Updates the compare links at the bottom so `[Unreleased]` now compares from `v9.7.0`, and adds the new `[v9.7.0]` tag link. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 8942a43. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added rspack v2 support * **Bug Fixes** * Improved security and validation handling <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Opus 4.6 <[email protected]>
justin808
added a commit
that referenced
this pull request
Mar 18, 2026
## Summary - support both export styles from `webpack-subresource-integrity` in webpack plugins: - default export constructor (older versions) - named `SubresourceIntegrityPlugin` export (v5.1+) - keep runtime behavior unchanged for existing setups - add regression tests covering both module shapes ## Testing - `yarn test test/package/plugins/webpackSubresourceIntegrity.test.js --runInBand` - `yarn lint` - `yarn prettier --check package/plugins/webpack.ts test/package/plugins/webpackSubresourceIntegrity.test.js` Closes #972. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: small compatibility tweak to plugin loading plus focused unit tests; behavior should be unchanged except preventing runtime breakage with newer `webpack-subresource-integrity` exports. > > **Overview** > Updates the webpack plugin setup to support both `webpack-subresource-integrity` module shapes by using the named `SubresourceIntegrityPlugin` export when present and falling back to the default export. > > Adds regression tests that mock each export style to ensure the plugin is instantiated with the expected SRI options. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 0a5972f. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->
justin808
added a commit
that referenced
this pull request
Mar 18, 2026
### Summary Adds the v9.7.0 changelog section with release notes for all user-visible changes since v9.6.1: - **Added**: rspack v2 support (PR #975) - **Fixed**: Config exporter path traversal and annotation format validation (PR #914) - **Fixed**: `webpack-subresource-integrity` v5 named export handling (PR #978, fixes #972) Version diff links at the bottom of the file are updated accordingly. ### Pull Request checklist - [x] ~Add/update test to cover these changes~ - [x] ~Update documentation~ - [x] Update CHANGELOG file ### Other Information Non-user-visible PRs (#920, #965, #970, #971, #977, #979, #981, #982) were intentionally excluded per changelog policy. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Documentation-only change updating `CHANGELOG.md`; no runtime code or dependency changes are introduced in this PR. > > **Overview** > Adds a new `v9.7.0` section to `CHANGELOG.md` documenting user-visible changes (rspack v2 support and two fixes around config export security/validation and `webpack-subresource-integrity` v5 exports). > > Updates the compare links at the bottom so `[Unreleased]` now compares from `v9.7.0`, and adds the new `[v9.7.0]` tag link. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 8942a43. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added rspack v2 support * **Bug Fixes** * Improved security and validation handling <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Opus 4.6 <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
webpack-subresource-integrityin webpack plugins:SubresourceIntegrityPluginexport (v5.1+)Testing
yarn test test/package/plugins/webpackSubresourceIntegrity.test.js --runInBandyarn lintyarn prettier --check package/plugins/webpack.ts test/package/plugins/webpackSubresourceIntegrity.test.jsCloses #972.
Note
Low Risk
Low risk: small compatibility tweak to plugin loading plus focused unit tests; behavior should be unchanged except preventing runtime breakage with newer
webpack-subresource-integrityexports.Overview
Updates the webpack plugin setup to support both
webpack-subresource-integritymodule shapes by using the namedSubresourceIntegrityPluginexport when present and falling back to the default export.Adds regression tests that mock each export style to ensure the plugin is instantiated with the expected SRI options.
Written by Cursor Bugbot for commit 0a5972f. Configure here.