Fix: Version downgrade prevention - validate cache and add running version checks

## Changes
- **CheckForUpdatesJob**: Add triple version comparison (CDN vs cache vs running)
  - Never allows version downgrade from currently running version
  - Uses data_set() for safer nested array mutation
  - Prevents incorrect new_version_available flag setting

- **UpdateCoolify**: Add cache validation before fallback
  - Validates cache against running version on CDN failure
  - Throws exception if cache is corrupted/older than running
  - Applies to both manual and automated updates

- **Tests**: Add comprehensive test coverage
  - tests/Unit/CheckForUpdatesJobTest.php (5 tests)
  - tests/Unit/UpdateCoolifyTest.php (3 tests)

## Impact
- Prevents all downgrade scenarios (CDN rollback, corrupted cache, etc.)
- Maintains backward compatibility
- Provides clear logging for debugging

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

app/Actions/Server/UpdateCoolify.php

@@ -42,12 +42,46 @@ class UpdateCoolify
                 $this->latestVersion = data_get($versions, 'coolify.v4.version');
             } else {
                 // Fallback to cache if CDN unavailable
-                Log::warning('Failed to fetch fresh version from CDN (unsuccessful response), using cache');
-                $this->latestVersion = get_latest_version_of_coolify();
+                $cacheVersion = get_latest_version_of_coolify();
+
+                // Validate cache version against current running version
+                if ($cacheVersion && version_compare($cacheVersion, config('constants.coolify.version'), '<')) {
+                    Log::error('Failed to fetch fresh version from CDN and cache is corrupted/outdated', [
+                        'cached_version' => $cacheVersion,
+                        'current_version' => config('constants.coolify.version'),
+                    ]);
+                    throw new \Exception(
+                        'Cannot determine latest version: CDN unavailable and cache version '.
+                        "({$cacheVersion}) is older than running version (".config('constants.coolify.version').')'
+                    );
+                }
+
+                $this->latestVersion = $cacheVersion;
+                Log::warning('Failed to fetch fresh version from CDN (unsuccessful response), using validated cache', [
+                    'version' => $cacheVersion,
+                ]);
             }
         } catch (\Throwable $e) {
-            Log::warning('Failed to fetch fresh version from CDN, using cache', ['error' => $e->getMessage()]);
-            $this->latestVersion = get_latest_version_of_coolify();
+            $cacheVersion = get_latest_version_of_coolify();
+
+            // Validate cache version against current running version
+            if ($cacheVersion && version_compare($cacheVersion, config('constants.coolify.version'), '<')) {
+                Log::error('Failed to fetch fresh version from CDN and cache is corrupted/outdated', [
+                    'error' => $e->getMessage(),
+                    'cached_version' => $cacheVersion,
+                    'current_version' => config('constants.coolify.version'),
+                ]);
+                throw new \Exception(
+                    'Cannot determine latest version: CDN unavailable and cache version '.
+                    "({$cacheVersion}) is older than running version (".config('constants.coolify.version').')'
+                );
+            }
+
+            $this->latestVersion = $cacheVersion;
+            Log::warning('Failed to fetch fresh version from CDN, using validated cache', [
+                'error' => $e->getMessage(),
+                'version' => $cacheVersion,
+            ]);
         }
 
         $this->currentVersion = config('constants.coolify.version');