Code Review: Update Rust Docker Tag to v1.91

Summary

This PR updates the Rust Docker base image from 1.89-slim-bookworm to 1.91-slim-bookworm in the multi-stage Dockerfile build process. This is an automated dependency update from Renovate.

✅ Code Quality & Best Practices

Positive aspects:

• Clean, minimal change that updates only the necessary version number
• Follows semantic versioning pattern
• Consistent with previous Rust version updates (as seen in CHANGELOG.md)
• Multi-stage build pattern is well-structured and efficient

Observations:

• The change is isolated to the Docker build stage and doesn't affect the CI/CD pipeline, which uses stable toolchain via dtolnay/rust-toolchain@stable

⚠️ Potential Issues

Version Compatibility Concern:

The workspace Cargo.toml specifies rust-version = "1.86" (line 8), but this PR updates the Docker image to Rust 1.91. While this is generally safe (newer Rust versions maintain backward compatibility), there's an inconsistency:

• Docker build: Will use Rust 1.91
• MSRV declaration: States minimum of 1.86
• CI pipeline: Uses latest stable (currently 1.83+)

Recommendation: Consider whether to:

1. Update rust-version in Cargo.toml to 1.91 to maintain consistency, OR
2. Keep MSRV at 1.86 for broader compatibility (current approach is acceptable)

The current approach is safe since Rust maintains strong backward compatibility, but it creates a gap of 5 minor versions between MSRV and Docker image.

🔒 Security Considerations

Positive:

• ✅ Using slim Debian Bookworm base reduces attack surface
• ✅ Newer Rust versions include security fixes and improvements
• ✅ Bookworm is the current stable Debian release

No security concerns identified - this update likely includes security patches from Rust 1.90 and 1.91 releases.

⚡ Performance Considerations

Potential benefits:

• Rust 1.90 and 1.91 may include compiler optimizations and improved build times
• No breaking changes expected that would impact runtime performance
• The multi-stage build pattern efficiently separates build and runtime environments

No performance concerns identified.

🧪 Test Coverage

Current state:

• CI pipeline tests will run against the stable toolchain (not the Docker-specific version)
• Docker builds occur after merge to main/next branches
• No specific tests for different Rust versions in the test suite

Recommendations:

1. ✅ Monitor the Docker build after merge to ensure successful image creation
2. Consider adding a CI job that tests against the same Rust version used in the Dockerfile if strict version parity is important
3. The existing test suite (cargo test --all-targets --all-features) should validate functionality

📋 Additional Notes

From renovate.json analysis:

• Docker updates are labeled appropriately (dependencies, docker, renovate)
• No auto-merge is configured for Docker images (requires manual approval) ✅
• This follows the project's dependency update strategy

Historical context:
The project has consistently updated Rust versions (1.80 → 1.81 → 1.82 → 1.83 → 1.84 → 1.85 → 1.86 → 1.87 → 1.88 → 1.89 → 1.91), skipping 1.90.

✅ Verdict

LGTM with minor observation

This is a safe, straightforward dependency update. The only consideration is the version gap between MSRV (1.86) and Docker image (1.91), which is acceptable given Rust's stability guarantees.

Suggested action:

• Merge when CI passes
• Monitor the Docker build on main branch
• Optionally update rust-version in Cargo.toml to 1.91 in a follow-up if you want strict version alignment

Files reviewed:

• Dockerfile:8 - Docker base image version update

Change impact: Low risk, build-time only