chore(deps): update docker.io/library/alpine docker tag to v3.23

[EpochBoy]

This PR contains the following updates:

Package	Type	Update	Change
docker.io/library/alpine	final	minor	3.21 → 3.23

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[Copilot]

Pull request overview

This PR updates the Alpine Linux base image in the Dockerfile from version 3.21 to 3.23, as generated by Renovate Bot. The update also adds a SHA256 digest pin to ensure image integrity.

• Updates the runtime stage base image from Alpine 3.21 to Alpine 3.23
• Adds SHA256 digest pinning for improved security and reproducibility

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[proxlab]

🏗️ Application Build Results

Status	⚠️ Build successful with findings
Image	registry.epoch.engineering/epochcloud/epochcloud-test:693f03b
Commit	693f03b on renovate/docker.io-library-alpine-3.x
Workflow	build-pr-epochcloud-test-22-plwqj

Security Scan Results

Status	Tool	Result
❌	Semgrep	Findings
✅	TruffleHog	Passed
✅	OSV-Scanner	Passed
✅	Buildah	Passed
✅	Trivy	Passed
✅	Grype	Passed
✅	Syft	Passed
✅	Cosign	Passed

📋 What do these tools do?

Tool	Purpose
Semgrep	Static Application Security Testing (SAST)
TruffleHog	Secret detection in code
OSV-Scanner	Software Composition Analysis (SCA)
Buildah	Container image build
Trivy	Container vulnerability scanning
Grype	SBOM-based vulnerability scanning
Syft	Software Bill of Materials generation
Cosign	Container image signing

---

Updated by Application Build Pipeline at 2026-01-09 08:35:22 UTC