fix: update sha.js to ^2.4.12 to address CVE-2025-9288

- Bumps sha.js from ^2.4.11 to ^2.4.12
- Fixes security vulnerability where missing input type checks
  could lead to hash state rewind and value miscalculation
- CVE-2025-9288: GHSA-95m3-7q98-8xr5

Author: fglsn

package.json

@@ -33,7 +33,7 @@
 		"readable-stream": "^2.3.8",
 		"ripemd160": "^2.0.2",
 		"safe-buffer": "^5.2.1",
-		"sha.js": "^2.4.11"
+		"sha.js": "^2.4.12"
 	},
 	"optionalDependencies": {
 		"@noble/hashes": "^1.3.3"