feat: Added integrity attribute support

[jonahallibone]

Description

What

This PR introduces an integrity props and creates an attribute on the generated <Script /> tag.

Why

Google CASA and other common security audits require that all third party scripts be accompanied by an SRI to pass their certification checks. Doing this with Clerk, while possible, was not supported natively. The recommended solution was to point clerkJsUrl at a blank file hosted on my domain, and manually add the script tag with the verison and SRI attribute to match. This PR introduces first party support for integrity such that this workaround can be obviated.

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

[changeset-bot]

🦋 Changeset detected

Latest commit: 92776cc

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 19 packages

Name	Type
@clerk/nextjs	Minor
@clerk/shared	Minor
@clerk/clerk-react	Minor
@clerk/astro	Patch
@clerk/backend	Patch
@clerk/chrome-extension	Patch
@clerk/clerk-js	Patch
@clerk/elements	Patch
@clerk/expo-passkeys	Patch
@clerk/clerk-expo	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/remix	Patch
@clerk/tanstack-start	Patch
@clerk/testing	Patch
@clerk/ui	Patch
@clerk/vue	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
clerk-js-sandbox	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jan 16, 2025 11:13pm