fix(updater): prevent downgrade notifications when on newer version

[mateuszruszkowski]

Summary

Fixes an issue where users on a newer local version than the latest published release would incorrectly receive "update available" notifications suggesting a downgrade.

Changes:

• Add semver comparison logic to checkForUpdates() in app-updater.ts
• Use semver.gt() to detect when local version is already newer than latest release
• Log informational message when skipping downgrade notification

Example scenario: User is on v2.8.5-beta (local build) and latest release is v2.8.4 - previously this would show an update notification to "upgrade" to v2.8.4.

Test plan

• Verify no update notification appears when local version > latest release
• Verify update notification still appears when local version < latest release
• Verify equal versions show no notification

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

Summary by CodeRabbit

• Bug Fixes
  • Improved update logic to consistently ignore and warn about non-newer releases, preventing downgrade notifications.
  • Unified update checks across all update paths so only legitimately newer versions trigger prompts, downloads, and notifications.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[gemini-code-assist]

Summary of Changes

Hello @mateuszruszkowski, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an issue where the application's updater would incorrectly notify users about available updates that were actually older than their current local version. By integrating robust semantic version comparison, the system now intelligently determines if an update is truly an upgrade, thereby preventing misleading downgrade prompts and ensuring a more accurate update experience.

Highlights

• Prevent Downgrade Notifications: Implemented semantic version comparison logic within the update-available event handler to ensure that update notifications are only displayed when the available version is strictly newer than the currently installed local version. This prevents users from being prompted to 'downgrade'.
• Prevent Downgrade Downloads: Extended the semantic version comparison to the update-downloaded event handler, ensuring that even if an older version is somehow downloaded, it will not be processed or offered for installation if the local version is already newer or the same.
• Informative Logging: Added console warnings to log when an update check or downloaded update is ignored because the current local version is already newer or the same as the available update, providing better visibility into the updater's decision-making.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

Adds an isUpdateNewer(latestVersion, currentVersion) helper and uses it to guard three updater flows (update-available, update-downloaded, and checkForUpdates), skipping processing and emitting warnings when the available/downloaded version is not newer than the current version.

Changes

Cohort / File(s)	Summary
Version comparison guards in app updater apps/frontend/src/main/app-updater.ts	Introduced isUpdateNewer (semver comparison) and replaced inline comparisons with it across three sites: update-available, update-downloaded, and checkForUpdates. Each site now skips non-newer versions and logs a warning instead of proceeding.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix(updater): proper semver comparison for pre-release versions #313 — Related change in the same file replacing string/version inequality checks with semver-aware comparisons.

Suggested labels

bug, area/frontend, size/XS, ✅ Ready for Review, confirmed

Suggested reviewers

• AlexMadera
• AndyMik90

Poem

🐇 I hopped through code to check the score,
Comparing versions, newer or before,
I warn and skip the downgrades sly,
So updates climb and troubles fly—
Hooray for safer installs! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: preventing downgrade notifications when users are on a newer version than the latest release.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request correctly addresses an issue where downgrade update notifications were being shown. The added semver comparison in both update-available and update-downloaded event handlers effectively prevents this. My main feedback is to refactor the duplicated version-checking logic into a shared helper function to improve code maintainability and ensure consistent logging. Overall, this is a good fix.

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

apps/frontend/src/main/app-updater.ts (2)

501-523: Critical: Intentional downgrade flow may be broken by the new semver guards.

The downloadStableVersion function is designed to allow users to downgrade from beta to stable. However, the new semver guards in the update-downloaded event handler (lines 139-142) will return early when the downloaded stable version is "older" than the current beta version, preventing the UI from showing the install prompt.

Example scenario:

1. User is on v2.8.5-beta
2. User disables beta updates and triggers downloadStableVersion()
3. Stable version v2.8.4 is downloaded
4. update-downloaded fires, but the semver check sees v2.8.4 < v2.8.5-beta and returns early
5. User never sees the install prompt for the intentional downgrade

🐛 Suggested fix - check allowDowngrade flag

  autoUpdater.on('update-downloaded', (info) => {
    const currentVersion = autoUpdater.currentVersion.version;
    const latestVersion = info.version;

    // Use proper semver comparison to detect if update is actually newer
    // This prevents offering downgrades (e.g., v2.7.4 when on v2.7.5)
+   // Skip this check if allowDowngrade is explicitly enabled (intentional downgrade)
    const isNewer = compareVersions(latestVersion, currentVersion) > 0;

-   if (!isNewer) {
+   if (!isNewer && !autoUpdater.allowDowngrade) {
      console.warn(`[app-updater] Ignoring downloaded update ${latestVersion} - current version ${currentVersion} is same or newer`);
      return;
    }

Apply the same fix to the update-available handler (lines 115-118).

---

105-128: Early return doesn't prevent download when autoDownload is enabled.

When autoDownload is set to true (line 35), electron-updater automatically downloads updates upon detecting them, regardless of whether the update-available event handler returns early. The early return here prevents the UI notification but does not prevent the download from starting in the background—potentially wasting bandwidth if a non-newer version is detected.

To fully prevent unnecessary downloads, consider disabling automatic downloads and manually triggering them after version validation:

1. Set autoDownload = false and call downloadUpdate() only after confirming the version is newer, or
2. Accept that downloads may occur silently without user notification (current behavior).

🤖 Fix all issues with AI agents

In `@apps/frontend/src/main/app-updater.ts`:
- Around line 131-142: Extract the repeated semver check into a helper function
(e.g., isUpdateNewer(latestVersion: string, currentVersion: string): boolean)
that returns compareVersions(latestVersion, currentVersion) > 0; replace the
inline checks in the update handlers (including the
autoUpdater.on('update-downloaded', ...) block that uses compareVersions and the
two other places where the same pattern is used) with calls to
isUpdateNewer(...) and keep the same warning behavior and message formatting
(including latestVersion and currentVersion) so all three locations reuse the
single helper.

[AndyMik90]

🤖 Auto Claude PR Review

Merge Verdict: 🟠 NEEDS REVISION

🟠 Needs revision - 1 structural/other issue(s) require attention.

Branch is out of date with base branch. Update branch first - if no conflicts arise, you can merge. If merge conflicts arise, resolve them and run follow-up review again. 1 non-blocking suggestion(s) to consider.

Risk Assessment

Factor	Level	Notes
Complexity	Low	Based on lines changed
Security Impact	None	Based on security findings
Scope Coherence	Good	Based on structural review

🚨 Blocking Issues (Must Fix)

• Branch Out of Date: PR branch is behind the base branch and needs to be updated

Findings Summary

• Low: 1 issue(s)

---

Generated by Auto Claude PR Review

Findings (1 selected of 1 total)

🔵 [02206f412f3d] [LOW] [Potential] Auto-download may still download non-newer versions

📁 apps/frontend/src/main/app-updater.ts:35

With autoUpdater.autoDownload = true (line 35), electron-updater initiates downloads automatically when it detects an 'update' is available. The version comparison check at lines 111-118 only prevents the UI notification from being shown - it does not cancel a download that has already been initiated by electron-updater's internal logic. This means bandwidth and disk space may be used downloading versions that won't be installed. However, this is a minor optimization concern since: (1) the scenario only occurs when electron-updater incorrectly reports an older version as an update, (2) the downloaded file won't be installed due to the check in update-downloaded handler, and (3) the PR's stated goal of preventing downgrade notifications IS achieved.

Suggested fix:

To fully prevent downloading non-newer versions, set `autoDownload = false` and manually call `downloadUpdate()` only after the version comparison passes. However, this is optional since the current implementation achieves the PR's goal.

---

This review was generated by Auto Claude.