fix(deps): update module github.com/containers/ocicrypt to v1.1.8

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

vendor/github.com/containers/ocicrypt/.golangci.yml

@@ -13,12 +13,12 @@ linters:
 
 linters-settings:
   depguard:
-    list-type: denylist
-    include-go-root: true
-    packages:
-      # use "io" or "os" instead
-      # https://go.dev/doc/go1.16#ioutil
-      - io/ioutil
+    rules:
+      main:
+        files:
+          - $all
+        deny:
+          - pkg: "io/ioutil"
 
   revive:
     severity: error
@@ -29,3 +29,7 @@ linters-settings:
 
       - name: error-strings
         disabled: false
+
+  staticcheck:
+    # Suppress reports of deprecated packages
+    checks: ["-SA1019"]

vendor/github.com/containers/ocicrypt/CODE-OF-CONDUCT.md

@@ -1,3 +1,3 @@
 ## The OCIcrypt Library Project Community Code of Conduct
 
-The OCIcrypt Library project follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/master/CODE-OF-CONDUCT.md).
+The OCIcrypt Library project follows the [Containers Community Code of Conduct](https://github.com/containers/common/blob/main/CODE-OF-CONDUCT.md).

vendor/github.com/containers/ocicrypt/SECURITY.md

@@ -1,3 +1,3 @@
 ## Security and Disclosure Information Policy for the OCIcrypt Library Project
 
-The OCIcrypt Library Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/master/SECURITY.md) for the Containers Projects.
+The OCIcrypt Library Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/main/SECURITY.md) for the Containers Projects.

vendor/github.com/containers/ocicrypt/crypto/pkcs11/common.go

@@ -102,7 +102,7 @@ func GetDefaultModuleDirectories() []string {
 		"/usr/lib/softhsm/", // Debian,Ubuntu
 	}
 
-	// Debian directory: /usr/lib/(x86_64|aarch64|arm|powerpc64le|s390x)-linux-gnu/
+	// Debian directory: /usr/lib/(x86_64|aarch64|arm|powerpc64le|riscv64|s390x)-linux-gnu/
 	hosttype, ostype, q := getHostAndOsType()
 	if len(hosttype) > 0 {
 		dir := fmt.Sprintf("/usr/lib/%s-%s-%s/", hosttype, ostype, q)

vendor/github.com/containers/ocicrypt/crypto/pkcs11/utils.go

@@ -105,6 +105,8 @@ func getHostAndOsType() (string, string, string) {
 			ht = "x86_64"
 		case "ppc64le":
 			ht = "powerpc64le"
+		case "riscv64":
+			ht = "riscv64"
 		case "s390x":
 			ht = "s390x"
 		}

vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go

@@ -24,7 +24,7 @@ import (
 	"github.com/containers/ocicrypt/config"
 	"github.com/containers/ocicrypt/keywrap"
 	"github.com/containers/ocicrypt/utils"
-	jose "gopkg.in/square/go-jose.v2"
+	"github.com/go-jose/go-jose/v3"
 )
 
 type jweKeyWrapper struct {

vendor/github.com/containers/ocicrypt/utils/utils.go

@@ -26,14 +26,13 @@ import (
 	"strings"
 
 	"github.com/containers/ocicrypt/crypto/pkcs11"
-
+	"github.com/go-jose/go-jose/v3"
 	"golang.org/x/crypto/openpgp"
-	json "gopkg.in/square/go-jose.v2"
 )
 
 // parseJWKPrivateKey parses the input byte array as a JWK and makes sure it's a private key
 func parseJWKPrivateKey(privKey []byte, prefix string) (interface{}, error) {
-	jwk := json.JSONWebKey{}
+	jwk := jose.JSONWebKey{}
 	err := jwk.UnmarshalJSON(privKey)
 	if err != nil {
 		return nil, fmt.Errorf("%s: Could not parse input as JWK: %w", prefix, err)
@@ -46,7 +45,7 @@ func parseJWKPrivateKey(privKey []byte, prefix string) (interface{}, error) {
 
 // parseJWKPublicKey parses the input byte array as a JWK
 func parseJWKPublicKey(privKey []byte, prefix string) (interface{}, error) {
-	jwk := json.JSONWebKey{}
+	jwk := jose.JSONWebKey{}
 	err := jwk.UnmarshalJSON(privKey)
 	if err != nil {
 		return nil, fmt.Errorf("%s: Could not parse input as JWK: %w", prefix, err)