Built images missing fixes

[MikeMcC399]

Current behavior

• Current Cypress Docker images are missing available fixes for Debian critical vulnerabilities. Although the CircleCI test check-factory-versions triggered by PR https://github.com/cypress-io/cypress-docker-images/pull/1216 https://app.circleci.com/pipelines/github/cypress-io/cypress-docker-images/2276/workflows/915912c6-727a-4e36-8ed3-04ae68e8abe8/jobs/69685 showed git version 2.39.5, in fact cypress/included:13.15.0 was published with git version 2.39.2.

• See https://github.com/cypress-io/cypress-docker-images/issues/1217 for additional details.

Desired behavior

When Cypress Docker images are built for publication using

docker buildx bake -f ./docker-compose.yml --progress plain --set *.platform=linux/arm64,linux/amd64 --push included

they should be published with up-to-date available Debian fixes.

The versions shown by the CircleCI job check-factory-versions should match the versions included in Cypress Docker images published to the Docker repositories.

Test code to reproduce

Compare the output

git version 2.39.2 of

docker run --rm --entrypoint git cypress/included:13.15.0 "--version"

with https://app.circleci.com/pipelines/github/cypress-io/cypress-docker-images/2276/workflows/915912c6-727a-4e36-8ed3-04ae68e8abe8/jobs/69685 showing

git version 2.39.5

Debug Logs

See "Building Docker image for target included" https://app.circleci.com/pipelines/github/cypress-io/cypress-docker-images/2276/workflows/915912c6-727a-4e36-8ed3-04ae68e8abe8/jobs/69692

Other

[MikeMcC399]

This is a mixture of a documentation issue and the fact that the CI tests seem to be carried out using Debian packages which may not be part of the published images.

Closing here for clarity's sake and I will describe the issue separately from a different standpoint.