As it can be seen in dockerfile of image you shared, it has alpine linux image as a base image and doesn't have any removal steps of apk. Also it has two arguments at the beginning of a dockerfile which then are used for installing the nmap within this image:
ARG nmap_ver=7.91
ARG build_rev=4
Which means you can download this Dockerfile, change version in this Dockerfile locally to which one you want to have, then build an image:
docker build -t nmap_myversion .
And then run a container with your own image:
docker run -d --name my_nmap nmap_myversion
To answer your question updating software in already created image is not a good approach because it will create a new layer in your docker container which will be lost after a container deletion. Best option is to have this done in the image. Good example is how this nmap image is created (see Dockerfile above)