Update alpine:3.23 Docker digest to 2510918

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
alpine	final	digest	865b95f → 2510918

---

Configuration

📅 Schedule: Branch creation - "before 9am every weekday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

Pull Request Review: Alpine 3.23 Digest Update

Summary

This PR updates the Alpine Linux 3.23 base image digest from 865b95f to 2510918. This is an automated dependency update from Renovate bot.

Code Quality: ✅ APPROVED

Positive aspects:

• Clean, minimal change updating only the digest hash
• Maintains the pinned version strategy (alpine:3.23@sha256:...) which is a security best practice
• No functional code changes, purely a base image update

Security: ✅ GOOD

Strengths:

• Using digest pinning prevents image tag hijacking attacks
• Alpine is a security-focused minimal distribution
• Regular updates help incorporate security patches

Recommendation: Before merging, verify the Alpine release notes for this digest to ensure no breaking changes in system utilities that the plugin depends on (iptables, iproute2, util-linux).

Testing Considerations: ⚠️ NEEDS VERIFICATION

Since this updates the runtime environment, recommend running the standard test suite before merge:

make reinstall
make test-network test-container

Critical components to test:

1. iptables compatibility - The plugin relies on iptables-nft symlinks (Dockerfile:27-28). Verify Alpine's iptables package version hasn't changed behavior
2. iproute2 functionality - Used for veth networking in pkg/netutil/veth.go
3. Tailscale binary compatibility - Ensure downloaded binaries still work on this Alpine version

Potential Issues: ℹ️ LOW RISK

Alpine typically maintains excellent backwards compatibility within minor versions (3.23.x), so risk is minimal. However:

• If Alpine updated any of the networking packages (iptables, iproute2), subtle behavioral changes could affect:
  • NAT/masquerading rules (used for container internet access)
  • Veth pair creation and IP assignment
  • Routing table manipulation

Performance: ✅ NEUTRAL

No expected performance impact from a digest update within the same Alpine version.

Recommendations

1. Before merge: Run the full test suite, especially network functionality tests
2. Monitor: After deployment, watch for any iptables or routing-related errors in plugin logs
3. Rollback plan: Keep the old digest handy in case issues arise: sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62

Verdict: APPROVE with Testing

This is a routine maintenance update that should be merged after validation. The change itself is correct and follows best practices. The main risk is environmental (Alpine package updates), not code quality.

---

Review generated based on CLAUDE.md guidelines and codebase analysis