Update tool dependencies and fix new lint issues (#36702)

## Summary - Update golangci-lint v2.9.0 → v2.10.1, misspell v0.7.0 → v0.8.0, actionlint v1.7.10 → v1.7.11 - Fix 20 new QF1012 staticcheck findings by using `fmt.Fprintf` instead of `WriteString(fmt.Sprintf(...))` - Fix SA1019: replace deprecated `ecdsa.PublicKey` field access with `PublicKey.Bytes()` for JWK encoding, with SEC 1 validation and curve derived from signing algorithm - Add unit test for `ToJWK()` covering P-256, P-384, and P-521 curves, also verifying correct coordinate padding per RFC 7518 - Remove dead staticcheck linter exclusion for "argument x is overwritten before first use" ## Test plan - [x] `make lint-go` passes with 0 issues - [x] `go test ./services/oauth2_provider/ -run TestECDSASigningKeyToJWK` passes for all curves 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-08 04:44:33 +00:00 · 2026-02-26 20:13:19 +01:00
parent 26d83c932a
commit f7f55a356f
16 changed files with 95 additions and 30 deletions
--- a/modules/git/foreachref/format.go
+++ b/modules/git/foreachref/format.go
@@ -53,7 +53,7 @@ func (f Format) Flag() string {
 	var formatFlag strings.Builder
 	for i, field := range f.fieldNames {
 		// field key and field value
-		formatFlag.WriteString(fmt.Sprintf("%s %%(%s)", field, field))
+		fmt.Fprintf(&formatFlag, "%s %%(%s)", field, field)

 		if i < len(f.fieldNames)-1 {
 			// note: escape delimiters to allow control characters as