chore(deps): update rust:1.90.0-alpine3.21 docker digest to 1b3ecdc

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
rust	final	digest	85ef0da -> 1b3ecdc

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

Pull Request Review

Summary

This PR updates the Docker digest for the rust:1.90.0-alpine3.21 base image from 85ef0da to 1b3ecdc across all CI Dockerfiles. This is an automated dependency update from Renovate.

Code Quality and Best Practices ✅

• Consistency: All 5 Dockerfiles are updated uniformly, maintaining consistency across the CI pipeline
• Pin Strategy: The PR correctly uses digest pinning (SHA256 hashes) in addition to version tags, which is a security best practice for reproducible builds
• Scope: Changes are minimal and focused, affecting only the Docker image digest

Potential Bugs or Issues ✅

• No code changes: Since this only updates the Docker base image digest and doesn't modify any application code, there's minimal risk of introducing bugs
• Same version: The Rust version remains 1.90.0-alpine3.21, so no compatibility issues expected
• Files affected: All CI-related Dockerfiles are updated:
  • ci/check-rust-formatting.Dockerfile
  • ci/check-rust-linting.Dockerfile
  • ci/compile.Dockerfile
  • ci/fix-rust-formatting.Dockerfile
  • ci/unit-test.Dockerfile

Performance Considerations ✅

• No performance impact: Docker digest updates typically don't affect performance
• Build reproducibility: Using digest pins ensures identical builds across environments

Security Concerns ✅

• Security improvement: Updating to a newer digest of the same version may include security patches in the base Alpine image
• Digest pinning: Maintains strong security posture by preventing tag hijacking attacks
• Verification: Renovate automatically verifies the digest corresponds to the correct image

Test Coverage ✅

• CI validation: The PR will run through the existing CI pipeline which includes:
  • Rust formatting checks
  • Rust linting (clippy)
  • Compilation
  • Unit tests
• No new tests needed: This is an infrastructure update that doesn't require additional test coverage

Recommendation: APPROVE ✅

This is a low-risk, routine dependency update that follows best practices. The changes are:

• Automated and verified by Renovate
• Consistent across all affected files
• Security-conscious with digest pinning
• Will be validated by existing CI checks

The PR can be safely merged once CI passes.

---

Review generated with Claude Code