If you're using the Docker executor, your image contents may change if you specify an image tag, such as
node:latest. If you believe one of these images changed between two of your jobs, you can confirm this by comparing the image Secure Hashing Algorithm ID (SHA-256) in the two jobs. This is printed in the "spin up environment" section.
CircleCI and other image maintainers may introduce changes that change the contents of a tag like
latest. Usually, this is done to fix bugs or introduce newer versions of essential software, like git and package managers for a language.
You can pin your job to run with a specific image SHA-256, which will guarantee the image won't change unless you update it yourself. This is done by removing the tag (e.g
latest) and replacing it with the SHA-256 of the image, prefixed with
docker: - image: circleci/ruby@sha256:4be65b406f7402b5c4fd5df7173d2fd7ea3fdaa74d9c43b6ebd896197a45c448