Bump jsrsasign and node-opcua in /Demos/UA to GraphQL

[dependabot]

Removes jsrsasign. It's no longer used after updating ancestor dependency node-opcua. These dependencies need to be updated together.

Removes jsrsasign

Updates node-opcua from 2.18.0 to 2.166.0

Release notes

Sourced from node-opcua's releases.

v2.165.1 (patch)

Full Changelog: node-opcua/node-opcua@v2.165.0...v2.165.1

Bump global-mutex version

see https://github.com/node-opcua/node-opcua/releases/tag/v2.165.0 for latest release notes

🚀 Release Notes — v2.165.0

node-opcua v2.165.0 — Release Notes

Release date: 2026-03-18

This release brings advertised-endpoints support (ideal for Docker / NAT / proxy deployments), a global method-call interceptor API, several new server lifecycle helpers, and important bug fixes for extension-object binding and certificate handling.

---

✨ New Features

1. Advertised Endpoints — Docker / NAT / Proxy support

When a server runs behind Docker port-mapping, a reverse proxy, or a NAT gateway, the internal listen URL differs from the URL that clients actually use. The new advertisedEndpoints option lets you declare external URLs that are returned in GetEndpoints responses, while the server continues to listen on its original port.

Simple string shorthand

import { OPCUAServer } from "node-opcua";
const server = new OPCUAServer({
port: 4840,
advertisedEndpoints: "opc.tcp://public.example.com:48401",
});

Multiple URLs

const server = new OPCUAServer({
    port: 4840,
    advertisedEndpoints: [
        "opc.tcp://public.example.com:48401",
        "opc.tcp://vpn.internal:4840",
    ],
});

Per-URL security overrides

Different interfaces can have different security requirements — for example a public endpoint that enforces SignAndEncrypt and disallows anonymous access, while the internal one allows all modes:

</tr></table> 

... (truncated)

Commits

• b50d48c v2.166.0
• 6ac3120 chore: update packages
• b82c293 fix(secure-channel): add TTL eviction to nonce cache
• c6b0573 fix(server): add nonce verification to UserNameIdentityToken
• e4c3c87 chore: minor fixes
• 4002059 v2.165.2
• e625c48 chore: update packages (support for openssl >3.5)
• e7c8958 v2.165.1
• 24b97ba chore: update packages (fixing global-mutex issue)
• fe53ac0 v2.165.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for node-opcua since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #64.