Dependencies with js-sha256 is risky #1

Open
neeboo opened this issue Oct 30, 2023 · 0 comments

neeboo commented Oct 30, 2023

Hi, there is a bug on some specific browser versions that causes a sha256 calculation error.

emn178/js-sha256#40

I found that bitcore-lib depends on bip-schnorr, which then depends on js-sha256.

We should be careful and should change it to @noble/hashes/sha256.

And for the Unisat Extension, as a quick patch, you should use fix-modules to replace the bip-schnorr package:

```js
const fs = require('fs');

// Overwrite bip-schnorr's convert.js so hash() uses @noble/hashes instead of js-sha256.
const fixSha256 = () => {
  const file = './node_modules/bip-schnorr/src/convert.js';
  let fileData = fs.readFileSync(file).toString();
  // Replace the whole file content with the patched module source.
  fileData = fileData.replace(
    fileData,
    `
    const BigInteger = require('bigi');
    const Buffer = require('safe-buffer').Buffer;
    const binding = require('@noble/hashes/sha256');

    const { sha256 } = binding;

    
    function bufferToInt(buffer) {
      return BigInteger.fromBuffer(buffer);
    }

    function intToBuffer(bigInteger) {
      return bigInteger.toBuffer(32);
    }

    function hash(buffer) {
      return Buffer.from(sha256.create().update(buffer).digest(), 'hex');
    }

    module.exports = {
      bufferToInt,
      intToBuffer,
      hash,
    };
    `
  );
  fs.writeFileSync(file, fileData);
};
```

then

```js
const run = async () => {
  let success = true;
  try {
    // ...
    fixSha256();
  } catch (e) {
    console.error('error:', e.message);
    success = false;
  } finally {
    console.log('Fix modules result: ', success ? 'success' : 'failed');
  }
};
```

Thanks
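A defensive check related to the issue above, as an added example that is not part of the original issue or of any project it mentions: a SHA-256 known-answer self-test that can be run in the actual runtime before a hash implementation is trusted for signing. The function names are hypothetical, Node's built-in `crypto` stands in for the library under test, and the faulty implementation is constructed for the demo.

```javascript
// SHA-256 known-answer self-test using the standard published test vectors.
const enc = new TextEncoder();
const SHA256_VECTORS = [
  { name: 'empty', input: new Uint8Array(0),
    hex: 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' },
  { name: 'abc', input: enc.encode('abc'),
    hex: 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' },
  { name: '56 bytes', // padding spills into a second block
    input: enc.encode('abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq'),
    hex: '248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1' },
  { name: 'one million a', input: new Uint8Array(1000000).fill(0x61),
    hex: 'cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0' },
];

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

// hashFn: (Uint8Array) => Uint8Array or hex string.
// Returns the names of the vectors the implementation gets wrong.
function sha256SelfTest(hashFn) {
  const failures = [];
  for (const v of SHA256_VECTORS) {
    let got;
    try {
      const out = hashFn(v.input);
      got = typeof out === 'string' ? out.toLowerCase() : toHex(out);
    } catch (e) {
      got = `threw: ${e.message}`;
    }
    if (got !== v.hex) failures.push(v.name);
  }
  return failures;
}

// Refuse to hand out a hash function that fails its self-test in this runtime.
function requireVerifiedSha256(hashFn) {
  const failures = sha256SelfTest(hashFn);
  if (failures.length > 0) {
    throw new Error(`SHA-256 self-test failed: ${failures.join(', ')}`);
  }
  return hashFn;
}

// Stand-in implementations (assumptions for this demo, not code from the issue).
const nodeCrypto = require('node:crypto');
const goodSha256 = (bytes) => nodeCrypto.createHash('sha256').update(bytes).digest();
// Constructed fault: the digest is wrong only for inputs longer than one block.
const faultySha256 = (bytes) => {
  const d = goodSha256(bytes);
  if (bytes.length > 64) d[0] ^= 1;
  return d;
};
```

The constructed fault passes the three short vectors and fails only the long one, which is why the vector set covers multi-block input as well as the short strings.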
