build(deps): bump github.com/emmansun/gmsm from 0.41.0 to 0.41.1

[dependabot]

Bumps github.com/emmansun/gmsm from 0.41.0 to 0.41.1.

Release notes

Sourced from github.com/emmansun/gmsm's releases.

v0.41.1

This patch release focuses on security hardening and compatibility improvements since v0.41.0, with a key fix for SM9 input validation in decryption, key unwrapping, signature verification, and key exchange flows.

Highlights

• Hardened SM9 by rejecting infinity points in decrypt, unwrap, verify, and key exchange operations
• Improved DRBG robustness
• Added warnings for broken or weak cryptographic algorithms
• Improved certificate compatibility with support for explicit curve parameters in ECDSA certificates
• Refined documentation for SM2 and updated project README files
• Updated dependencies and CI tooling

Security

• Fixed SM9 validation to reject infinity points in sensitive cryptographic paths
• Hardened DRBG behavior
• Added warning messages for broken or weak cryptographic algorithms

Compatibility and X.509

• Added support for explicit curve parameters as defined in RFC 3279 for ECDSA certificates
• Improved SM2-related certificate handling and test coverage
• Expanded smx509 test coverage

Internal Improvements

• Refactored KDF implementation
• Switched internal random utility usage to math/rand/v2
• Cleaned up package comments for SLH-DSA, ML-DSA, and ML-KEM packages
• Removed go1.24-specific build tag constraints from several PQC packages

Documentation

• Rewrote the SM2 documentation
• Updated the English SM2 documentation
• Refreshed README and README-EN content

Dependencies and CI

• Updated golang.org/x/crypto to 0.48.0
• Updated github/codeql-action through 4.32.6
• Updated step-security/harden-runner to 2.15.1
• Updated actions/setup-go to 6.3.0
• Updated actions/upload-artifact to 7.0.0
• Updated docker/setup-qemu-action to 4.0.0

Contributors

Thanks to all contributors in this release:

... (truncated)

Commits

• 3ffef87 Merge pull request #453 from emmansun/develop
• 44e0ea0 Merge pull request #452 from emmansun/main
• 1085b2e SM9: reject infinity points in decrypt, unwrap, verify, and key exchange
• 38d3d93 Merge pull request #450 from emmansun/dependabot/github_actions/develop/step-...
• a92f3ce Merge pull request #449 from emmansun/dependabot/github_actions/develop/githu...
• 1b8ef15 build(deps): bump step-security/harden-runner from 2.15.0 to 2.15.1
• 3b46343 build(deps): bump github/codeql-action from 4.32.5 to 4.32.6
• 0d2c3e6 Merge pull request #448 from emmansun/dependabot/github_actions/develop/docke...
• b04963c build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0
• bf38540 Merge pull request #447 from emmansun/dependabot/github_actions/develop/githu...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)