The spec only uses "SHOULD" to recommend collision resistance:
User agents [...] SHOULD restrict supported hashing functions to those known to be collision-resistant.
The security guarantees that SRI provides do not hold if the hash function is not collision (and second preimage) resistant. The specification can use "MUST" when it comes to properties that are essential to its function.
The same only partly applies to the SHOULD on the other arm of this sentence. SHA-1 and MD5 do not have (published) second preimage attacks, which are the ones that really matter in terms of real attacks. I would be supportive of a "MUST" there as well though, if only to preempt advances in cryptanalysis. Maybe if no one implements these, that wouldn't be a big deal anyway.
The spec only uses "SHOULD" to recommend collision resistance:
The security guarantees that SRI provides do not hold if the hash function is not collision (and second preimage) resistant. The specification can use "MUST" when it comes to properties that are essential to its function.
The same only partly applies to the SHOULD on the other arm of this sentence. SHA-1 and MD5 do not have (published) second preimage attacks, which are the ones that really matter in terms of real attacks. I would be supportive of a "MUST" there as well though, if only to preempt advances in cryptanalysis. Maybe if no one implements these, that wouldn't be a big deal anyway.