Hi, I’m working on a WordPress plugin that provides updated jQuery to the WordPress frontend in a robust and secure manner. It allows the user to select their preferred public CDN (or no CDN) and secures both jQuery and jQuery Migrate with SRI - serving them locally in the event that the client fails to retrieve it from the CDN or the SRI fails.
For jQuery 3.5.1 there are no issues if the webmaster chooses cdnjs but for jquery-migrate (minified version) there is a problem.
The jquery-migrate-3.3.0.min.js downloaded from jQuery.com and hosted on the jQuery CDN has an SRI of
However on CDNJS the file has an SRI of
I need to understand why it is different here before I can compensate in my plugin to use a different SRI when CDNJS is the chosen CDN to serve jQuery + migrate plugin from.