Update debian:bookworm-slim Docker digest to 56ff6d3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
debian	final	digest	d5d3f9c → 56ff6d3

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Version Change:

• Old Image: Debian 12.12 (bookworm-slim) - Built December 29, 2025
• New Image: Debian 12.13 (bookworm-slim) - Built January 12, 2026

Debian 12.13 Point Release (January 10, 2026):

This is a standard Debian point release that includes security patches and critical bug fixes. The update follows Debian's stable release model, which maintains backward compatibility.

Key Security Updates Include:

• Web & Application Servers: Apache2, nginx, HAProxy, Squid, Jetty9
• Cryptography & Security: OpenSSL, GnuPG2, OpenVPN, libssh (memory safety fixes)
• Browsers & Media: Chromium, Firefox-ESR, Thunderbird, VLC
• Database Systems: PostgreSQL-15, Redis, PgBouncer
• System Components: Linux kernel, containerd, LXD, QEMU, Intel microcode
• Development Libraries: GLib2.0, LibXML2, ImageMagick, GIMP, OpenJDK-17

Coverage: 90+ individual Debian Security Advisories (DSA-5979 through DSA-6090)

Image Details:

• Size: ~71.34 MB (both versions)
• Package Count: 88 packages (unchanged)
• Architecture: linux/amd64
• No breaking changes in the base image structure

🎯 Impact Scope Investigation

Direct Impact:

• Affected File: repo/Dockerfile:1 only
• This is the only Debian base image digest change in this PR
• Other Dockerfiles in the project use different base images:
  • api/Dockerfile uses buildpack-deps:bookworm and node:20.19.6-bookworm-slim
  • builder/Dockerfile uses ghcr.io/codize-dev/piston

Usage Context:
The repo/Dockerfile is used to build the repo-builder image that:

• Installs build tools and development dependencies
• Provides the environment for building language packages
• Is triggered by the repo-push.yaml workflow on changes to repo/**

Dependency Analysis:
The Dockerfile installs the following packages that received security updates:

• libssl-dev (OpenSSL)
• libxml2, libxml2-dev (LibXML2)
• gnupg (GnuPG2)
• Various other system libraries

All these packages will be updated to their patched versions when the new base image is rebuilt, providing enhanced security.

Build & Runtime Impact:

• No API changes in system libraries
• No changes to package manager behavior
• No modifications to filesystem structure
• The image size remains virtually identical (71.34 MB)
• Same number of base packages (88)

💡 Recommended Actions

Immediate Actions:

1. ✅ Merge this PR - This is a standard security update with no breaking changes
2. The digest update will automatically trigger the repo-push.yaml workflow to rebuild the repo-builder image
3. Monitor the CI/CD pipeline to ensure the image builds successfully

Post-Merge Verification:

1. Verify that the repo-builder image builds successfully in the GitHub Actions workflow
2. Confirm that language package builds continue to work as expected
3. No code changes or configuration updates are required

No Manual Migration Required:

• The base image update is a drop-in replacement
• All installed packages maintain API compatibility
• No Dockerfile syntax changes needed
• No application code modifications required

🔗 Reference Links

• Debian 12.13 Release Announcement
• Debian Bookworm Release Information
• Debian Security Updates Index
• Docker Library Debian Info

Generated by koki-develop/claude-renovate-review