Bump jsrsasign and node-opcua in /Demos/UA to GraphQL

[dependabot]

Removes jsrsasign. It's no longer used after updating ancestor dependency node-opcua. These dependencies need to be updated together.

Removes jsrsasign

Updates node-opcua from 2.18.0 to 2.167.0

Release notes

Sourced from node-opcua's releases.

v2.165.1 (patch)

Full Changelog: node-opcua/node-opcua@v2.165.0...v2.165.1

Bump global-mutex version

see https://github.com/node-opcua/node-opcua/releases/tag/v2.165.0 for latest release notes

🚀 Release Notes — v2.165.0

node-opcua v2.165.0 — Release Notes

Release date: 2026-03-18

This release brings advertised-endpoints support (ideal for Docker / NAT / proxy deployments), a global method-call interceptor API, several new server lifecycle helpers, and important bug fixes for extension-object binding and certificate handling.

---

✨ New Features

1. Advertised Endpoints — Docker / NAT / Proxy support

When a server runs behind Docker port-mapping, a reverse proxy, or a NAT gateway, the internal listen URL differs from the URL that clients actually use. The new advertisedEndpoints option lets you declare external URLs that are returned in GetEndpoints responses, while the server continues to listen on its original port.

Simple string shorthand

import { OPCUAServer } from "node-opcua";
const server = new OPCUAServer({
port: 4840,
advertisedEndpoints: "opc.tcp://public.example.com:48401",
});

Multiple URLs

const server = new OPCUAServer({
    port: 4840,
    advertisedEndpoints: [
        "opc.tcp://public.example.com:48401",
        "opc.tcp://vpn.internal:4840",
    ],
});

Per-URL security overrides

Different interfaces can have different security requirements — for example a public endpoint that enforces SignAndEncrypt and disallows anonymous access, while the internal one allows all modes:

</tr></table> 

... (truncated)

Commits

• 5decfa8 v2.167.0
• 13f310f refactor(server-config): self-contained test certificates
• 135902c feat(server-config): accept certificate chain in
• c0f5f35 test(e2e): fix chained certificate test to expect
• 95b5aa5 fix(server): harden register_server_manager against
• ef3f04e fix(server): use explicit length check for certificate
• e34bbb1 fix: resolve tsc --noEmit errors in node-opcua-end2end-test test suite
• d276591 fix: harden certificate validation and fix Certificate[] migration
• 25ab1b6 test(address-space): Fix hardcoded namespace index in AddIn instantiation test
• c487bf5 fix(client): Fix Callback was already called race condition during connection...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for node-opcua since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.