Upgrade golangci-lint to v1.64.5

.golangci.yml

@@ -19,12 +19,12 @@ linters:
     - revive
     - staticcheck
     - stylecheck
-    - tenv
     - testifylint
     - typecheck
     - unconvert
     - unused
     - unparam
+    - usetesting
     - wastedassign
 
 run:

Makefile

@@ -28,7 +28,7 @@ XGO_VERSION := go-1.24.x
 AIR_PACKAGE ?= github.com/air-verse/air@v1
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/[email protected]
 GOFUMPT_PACKAGE ?= mvdan.cc/[email protected]
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.63.4
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.64.5
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/[email protected]
 MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/[email protected]
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/[email protected]

modules/secret/secret.go

@@ -16,6 +16,7 @@ import (
 )
 
 // AesEncrypt encrypts text and given key with AES.
+// It is only internally used at the moment to use "SECRET_KEY" for some database values.
 func AesEncrypt(key, text []byte) ([]byte, error) {
 	block, err := aes.NewCipher(key)
 	if err != nil {
@@ -27,12 +28,13 @@ func AesEncrypt(key, text []byte) ([]byte, error) {
 	if _, err = io.ReadFull(rand.Reader, iv); err != nil {
 		return nil, fmt.Errorf("AesEncrypt unable to read IV: %w", err)
 	}
-	cfb := cipher.NewCFBEncrypter(block, iv)
+	cfb := cipher.NewCFBEncrypter(block, iv) //nolint:staticcheck // need to migrate and refactor to a new approach
 	cfb.XORKeyStream(ciphertext[aes.BlockSize:], []byte(b))
 	return ciphertext, nil
 }
 
 // AesDecrypt decrypts text and given key with AES.
+// It is only internally used at the moment to use "SECRET_KEY" for some database values.
 func AesDecrypt(key, text []byte) ([]byte, error) {
 	block, err := aes.NewCipher(key)
 	if err != nil {
@@ -43,7 +45,7 @@ func AesDecrypt(key, text []byte) ([]byte, error) {
 	}
 	iv := text[:aes.BlockSize]
 	text = text[aes.BlockSize:]
-	cfb := cipher.NewCFBDecrypter(block, iv)
+	cfb := cipher.NewCFBDecrypter(block, iv) //nolint:staticcheck // need to migrate and refactor to a new approach
 	cfb.XORKeyStream(text, text)
 	data, err := base64.StdEncoding.DecodeString(string(text))
 	if err != nil {

tests/integration/dump_restore_test.go

@@ -20,7 +20,6 @@ import (
 	base "code.gitea.io/gitea/modules/migration"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
-	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/services/migrations"
 
 	"github.com/stretchr/testify/assert"
@@ -43,10 +42,7 @@ func TestDumpRestore(t *testing.T) {
 
 		reponame := "repo1"
 
-		basePath, err := os.MkdirTemp("", reponame)
-		assert.NoError(t, err)
-		defer util.RemoveAll(basePath)
-
+		basePath := t.TempDir()
 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{Name: reponame})
 		repoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
 		session := loginUser(t, repoOwner.Name)
@@ -68,7 +64,7 @@ func TestDumpRestore(t *testing.T) {
 			CloneAddr:      repo.CloneLinkGeneral(t.Context()).HTTPS,
 			RepoName:       reponame,
 		}
-		err = migrations.DumpRepository(ctx, basePath, repoOwner.Name, opts)
+		err := migrations.DumpRepository(ctx, basePath, repoOwner.Name, opts)
 		assert.NoError(t, err)
 
 		//