Update golang:1.25.5-bookworm Docker digest to cbd59ce #214

Merged
docktermj merged 1 commit into main from renovate/golang-1.25.5-bookworm
Dec 9, 2025

@renovate renovate bot commented Dec 9, 2025

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| golang | stage | digest | 5117d68 -> cbd59ce |

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner December 9, 2025 04:49

github-actions bot commented Dec 9, 2025

🤖 Claude Code Review

Code Review Analysis

Overview

This PR updates the Go builder image SHA256 digest from 5117d68695f57faa6c2b3a49a6f3187ec1f66c75d5b080e4360bfe4c1ada398c to cbd59ce363d162d31192b1bcf928773b6f8490ffd529c51594fc4d4ba755b8a5 in two Dockerfile configurations. This appears to be a routine dependency update for the golang:1.25.5-bookworm base image.


Code Quality

✅ Code follows style guide

  • The changes maintain consistency with the existing Dockerfile format
  • ARG declarations follow the established pattern
  • No style violations detected

✅ No commented-out code

  • No commented code found in the diff

✅ Meaningful variable names

  • Variable name IMAGE_BUILDER is clear and descriptive
  • Follows the existing naming convention

✅ DRY principle followed

  • The same change is appropriately duplicated across both Dockerfiles (Dockerfile and package.Dockerfile) as these are separate build configurations that need to stay in sync

✅ No defects identified

  • Docker image digest update is straightforward
  • No logic errors, race conditions, or security vulnerabilities introduced
  • The version tag remains 1.25.5-bookworm, only the SHA256 digest changes (indicating a rebuild or patch of the same version)

✅ Project memory configuration

  • No .claude/CLAUDE.md file found in the repository to consider

Testing

⚠️ Unit tests for new functions

  • N/A - This is an infrastructure change (Docker base image update), not functional code
  • Recommendation: Build verification should be performed to ensure the new image digest is valid and builds successfully

⚠️ Integration tests

  • N/A - No new endpoints or functional changes

⚠️ Edge cases covered

  • N/A - Infrastructure change only

⚠️ Test coverage > 80%

  • N/A - No code changes affecting test coverage

Note: While automated tests aren't applicable, manual verification should confirm:

  1. The new SHA256 digest is valid and pulls successfully
  2. Builds complete without errors
  3. Runtime behavior remains unchanged

Documentation

❌ CHANGELOG.md updated

  • Issue: No CHANGELOG.md update detected in the diff
  • Location: Root directory should contain CHANGELOG.md
  • Recommendation: Add an entry documenting this dependency update, such as:
    ## [Unreleased]
    ### Changed
    - Updated golang:1.25.5-bookworm base image digest to cbd59ce

✅ Readme updated if needed

  • No README update required for internal Docker image digest changes

✅ API docs updated

  • No API changes, documentation update not needed

✅ Inline comments for complex logic

  • Dockerfile changes are self-documenting; no complex logic requiring comments

✅ Markdown files formatting

  • No markdown files modified in this PR

Security

✅ No hardcoded credentials

  • No credentials present in the changes

✅ Input validation implemented

  • N/A - No input handling code

✅ Proper error handling

  • N/A - Dockerfile declarations don't require error handling

✅ No sensitive data in logs

  • No logging code changes

✅ No license files or AQAAAD strings

  • No .lic files or suspicious license strings detected in the diff

✅ Docker image integrity

  • Using SHA256 digest pinning is a security best practice
  • Ensures reproducible builds and prevents supply chain attacks
  • Both Dockerfiles maintain consistent digest pinning approach

Summary

Overall Assessment: ✅ APPROVED with minor documentation request

Strengths

  • Maintains security best practices with SHA256 digest pinning
  • Consistent updates across both Dockerfile configurations
  • No functional code changes that could introduce bugs

Required Action

  • Update CHANGELOG.md to document this dependency change

Recommendations

  1. Verify the new image digest builds successfully in CI/CD
  2. Consider documenting why the digest changed (upstream rebuild, security patch, etc.) if known
  3. Ensure both Dockerfiles continue to build and function correctly

Files Modified

  • Dockerfile:5 - Updated IMAGE_BUILDER digest
  • package.Dockerfile:6 - Updated IMAGE_BUILDER digest

Automated code review analyzing defects and coding standards
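
The review above relies on both Dockerfiles pinning IMAGE_BUILDER to the same full SHA256 digest. The following check for that is an added example, not code from this repository or from either bot; the `ARG IMAGE_BUILDER=<image>@sha256:<digest>` line layout and the function names are assumptions.

```python
import re

# ARG IMAGE_<NAME>=<repo>[:tag][@sha256:<hex>]  (this ARG layout is an assumption)
ARG_RE = re.compile(r'^\s*(?i:ARG)\s+(IMAGE_\w+)\s*=\s*"?([^\s"]+)"?\s*$')
DIGEST_RE = re.compile(r'^sha256:[0-9a-f]{64}$')

def image_args(dockerfile_text):
    """Return {arg_name: (image, digest_or_None)} for every ARG IMAGE_* line."""
    found = {}
    for line in dockerfile_text.splitlines():
        m = ARG_RE.match(line)
        if m:
            image, _, digest = m.group(2).partition("@")
            found[m.group(1)] = (image, digest or None)
    return found

def check_pins(files):
    """files maps path -> Dockerfile text. Returns findings; an empty list means OK."""
    findings, first_seen = [], {}
    for path, text in files.items():
        for name, (image, digest) in image_args(text).items():
            if digest is None:
                findings.append(f"{path}: {name}={image} is not digest-pinned")
            elif not DIGEST_RE.match(digest):
                findings.append(f"{path}: {name} has malformed digest {digest!r}")
            # Same ARG name must resolve to the same image and digest in every file.
            if name in first_seen and first_seen[name][1:] != (image, digest):
                findings.append(f"{path}: {name} differs from {first_seen[name][0]}")
            first_seen.setdefault(name, (path, image, digest))
    return findings

# Constructed sample input; the two digests are the ones quoted in the review.
OLD = "sha256:5117d68695f57faa6c2b3a49a6f3187ec1f66c75d5b080e4360bfe4c1ada398c"
NEW = "sha256:cbd59ce363d162d31192b1bcf928773b6f8490ffd529c51594fc4d4ba755b8a5"

def sample(digest):
    """Build a minimal constructed Dockerfile that pins the builder image."""
    return ("ARG IMAGE_BUILDER=golang:1.25.5-bookworm@" + digest + "\n"
            "FROM ${IMAGE_BUILDER} AS builder\n")

if __name__ == "__main__":
    in_sync = {"Dockerfile": sample(NEW), "package.Dockerfile": sample(NEW)}
    stale = {"Dockerfile": sample(NEW), "package.Dockerfile": sample(OLD)}
    print(check_pins(in_sync))  # both files agree
    print(check_pins(stale))    # second file still carries the old digest
```

The check only confirms that the digests are well-formed and consistent; whether the digest resolves in the registry is still established by the pull during the CI build.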

@docktermj docktermj self-assigned this Dec 9, 2025
@docktermj docktermj enabled auto-merge (squash) December 9, 2025 11:24
@docktermj docktermj merged commit e23c07d into main Dec 9, 2025
41 of 42 checks passed
@docktermj docktermj deleted the renovate/golang-1.25.5-bookworm branch December 9, 2025 11:27