chore(deps): bump jsrsasign from 11.1.1 to 11.1.2 #21717

Merged
github-actions[bot] merged 1 commit into master from dependabot/npm_and_yarn/jsrsasign-11.1.2
Apr 13, 2026

@dependabot dependabot bot commented on behalf of github Apr 13, 2026

Bumps jsrsasign from 11.1.1 to 11.1.2.

Changelog

Sourced from jsrsasign's changelog.

ChangeLog for jsrsasign

  • Changes from 11.1.1 to 11.1.2 (2026-Apr-12)

    • Security fixes:
      • HIGH: wrong random for Node.JS >= 19 and modern browsers (ext/rng.js SecureRandom) reported by Bronson Yen of Calif.io and @Kr0emer #655.
      • HIGH: ASN.1 Parser Infinite Loop (asn1hex.js) getChildIdx fix to avoid infinite loop reported by Koda Reef.
      • HIGH: DSA Universal Signature Forgery (dsa.js) FIPS 186-4 section 4.7 wrong boundary checking in verifyWithMessageHash reported by Koda Reef, Nicholas Carlini and @Kr0emer.
      • ASN1HEX.getChildIdx DoS (asn1hex.js) getChildIdx may raise DoS because of lacking value length check reported by Yt(yutengsun) and Franciny S Roj.
      • missing JWS crit header parameter validation (jws.js) as reported by Franciny S Roj. Thank you indeed for those vulnerability reports and/or patches.
  • Changes from 11.1.0 to 11.1.1 (2026-Feb-20)

restore KJUR.crypto.Cipher class without RSA/RSAOAEP support

  • Changes from 11.0.0 to 11.1.0 (2024-Feb-01)
    • src/crypto.js
      • restore KJUR.crypto.Cipher class without RSA and RSAOAEP encryption/decryption support

remove RSA and RSAOAEP encryption for Marvin attack

  • Changes from 10.9.0 to 11.0.0 (2024-Jan-16)
    • Major Changes:
      • Stop to support Internet Explorer.
      • Stop to support bower.
      • Modern ECMA functions will be introduced such as Promise, let, Array methods or class.
      • API document generator will be changed from Jsdoc Toolkit to JSDoc3.
      • Module bundler will be used such as browserify or webpack.
      • Not to use YUI compressor.
      • Unit test framework will be changed from QUnit and mocha to jest.
      • W3C Web Crypto API support.
      • split into some modules besides jsrsasign have been all in package before 11.0.0.
    • remove RSA PKCS#1.5 and OAEP encryption/decryption for Marvin attack (#598)
    • src/crypto.js
      • remove KJUR.crypto.Cipher class for RSA and RSAOAEP encryption/decryption
    • ext/{rsa,rsa2}.js remove encrypt/decrypt/encryptOAEP/decryptOAEP for RSAKey class

enhanced support for encrypted PKCS8

  • Changes from 10.8.6 to 10.9.0 (2023-Nov-27)

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [jsrsasign](https://github.com/kjur/jsrsasign) from 11.1.1 to 11.1.2.
- [Release notes](https://github.com/kjur/jsrsasign/releases)
- [Changelog](https://github.com/kjur/jsrsasign/blob/master/ChangeLog.txt)
- [Commits](kjur/jsrsasign@11.1.1...11.1.2)

---
updated-dependencies:
- dependency-name: jsrsasign
  dependency-version: 11.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies This PR involves changes to dependencies label Apr 13, 2026
@github-actions github-actions bot merged commit d72267e into master Apr 13, 2026
33 checks passed
@github-actions github-actions bot deleted the dependabot/npm_and_yarn/jsrsasign-11.1.2 branch April 13, 2026 08:39
Labels: auto: ready to merge; dependencies (This PR involves changes to dependencies)
