updated WhatsNew notification to include BREAKING CHANGE alert #1572

Closed
CodeWithCJ wants to merge 5 commits into main from dev
CodeWithCJ (Owner) commented Jun 19, 2026

Tip

Help us review and merge your PR faster!
Please ensure you have completed the Checklist below.
For Frontend changes, please run pnpm run validate to check for any errors.
PRs that include tests and clear screenshots are highly preferred!
Note: AI-generated descriptions must be manually edited for conciseness. Do not paste raw AI summaries.

Description

What problem does this PR solve?
(Keep it concise. 1–2 sentences.)

How did you implement the solution?
(Brief technical approach.)

Linked Issue: Closes #

How to Test

  1. Check out this branch and run ...
  2. Navigate to...
  3. Verify that...

PR Type

  • Issue (bug fix)
  • New Feature
  • Refactor
  • Documentation

Checklist

All PRs:

  • [MANDATORY - ALL] Integrity & License: I certify this is my own work, free of malicious code, and I agree to the License terms.

New features only:

  • [MANDATORY for new feature] Alignment: I have raised a GitHub issue and it was reviewed/approved by maintainers or it was approved on Discord.

Frontend changes (SparkyFitnessFrontend/):

  • [MANDATORY for Frontend changes] Quality: I have run pnpm run validate and it passes.
  • [MANDATORY for Frontend changes] Translations: I have only updated the English (en) translation file.

Backend changes (SparkyFitnessServer/):

  • [MANDATORY for Backend changes] Code Quality: I have run typecheck, lint, and tests. New files use TypeScript, new endpoints have Zod schemas, and new endpoints include tests.
  • [MANDATORY for Backend changes] Database Security: I have updated rls_policies.sql for any new user-specific tables.

UI changes (components, screens, pages):

  • [MANDATORY for UI changes] Screenshots: I have attached Before/After screenshots below.

Mobile changes (SparkyFitnessMobile/):

  • [MANDATORY for Mobile changes] Tested on device or emulator: I have verified the changes work on iOS or Android.

Screenshots

Before

After

Notes for Reviewers

Optional — use this for anything that doesn't fit above: known tradeoffs, areas you'd like specific feedback on, questions you have, or context that helps reviewers.

github-actions Bot commented Jun 19, 2026

PR Validation Results

Change Detection

  • 🖥️ Frontend changes detected
  • ⚙️ Backend changes detected

⚠️ Recommendations (1)

  • Please link a related GitHub issue (Linked Issue: Closes #123).

✅ All required checks passed.

github-actions Bot added the enhancement label Jun 19, 2026

gemini-code-assist Bot (Contributor) left a comment

Code Review

This pull request introduces a new release dialog in the frontend to display GitHub release notes using markdown, complete with scroll-to-read acknowledgement and breaking-change confirmation. In the backend, it updates the version service to fetch and cache the latest GitHub release with a direct HTTPS fallback. Key feedback includes addressing potential NaN comparisons in version parsing for pre-release tags, preventing socket leaks on non-2xx direct fetch responses, replacing a fragile setTimeout with a ResizeObserver for scroll detection, fixing a regex bug that double-wraps already-linked GitHub usernames, securing the public endpoint against cache-bypass DoS attacks, and internationalizing hardcoded 'What's New' strings.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread SparkyFitnessServer/services/versionService.ts Outdated
Comment on lines +56 to +59
if (res.statusCode && (res.statusCode < 200 || res.statusCode >= 300)) {
reject(new Error(`Direct fetch failed with status: ${res.statusCode}`));
return;
}

medium

When the HTTP response status code is not 2xx, the response stream is discarded without being consumed. In Node.js, this can cause the underlying socket to remain open, leading to resource/socket leaks. Calling res.resume() consumes the stream and safely releases the socket.

Suggested change
if (res.statusCode && (res.statusCode < 200 || res.statusCode >= 300)) {
reject(new Error(`Direct fetch failed with status: ${res.statusCode}`));
return;
}
if (res.statusCode && (res.statusCode < 200 || res.statusCode >= 300)) {
res.resume();
reject(new Error("Direct fetch failed with status: " + res.statusCode));
return;
}
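
Review bot: the res.statusCode && guard on the first line of this block lets a response whose status code is undefined skip the range check and be handled as a success; reject when statusCode is missing, or compare against the 2xx range unconditionally. The replacement also rewrites the error message from a template literal to string concatenation, which is unrelated to the socket fix, so the suggestion can be reduced to adding res.resume(); before the reject(...) call.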

Comment thread SparkyFitnessFrontend/src/components/NewReleaseDialog.tsx Outdated
Comment on lines +53 to +56
formatted = formatted.replace(
/(^|[^a-zA-Z0-9_])@([a-zA-Z0-9-]+)/g,
'$1[@$2](https://github.com/$2)'
);

medium

The username mention regex matches @username even if it is already part of a markdown link (e.g., [@username](url)), which results in broken double-wrapped markdown links like [[@username](url)](url). Excluding [ from the preceding character class prevents matching usernames that are already linked.

Suggested change
formatted = formatted.replace(
/(^|[^a-zA-Z0-9_])@([a-zA-Z0-9-]+)/g,
'$1[@$2](https://github.com/$2)'
);
formatted = formatted.replace(
/(^|[^a-zA-Z0-9_\[])@([a-zA-Z0-9-]+)/g,
"$1[@$2](https://github.com/$2)"
);
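
Review bot: adding \[ to the excluded character class only covers a mention that directly follows the opening bracket; a mention later in existing link text, for example [thanks @user](url), is still preceded by a space and gets wrapped into a nested link. Skip existing markdown link spans before running the replace rather than relying on the preceding character alone. The replacement string also changed from single to double quotes, which is unrelated to the fix.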

Comment on lines +36 to +38
const bypassCache = req.query.bypassCache === 'true';
const latestRelease =
await versionService.getLatestGitHubRelease(bypassCache);

security-medium medium

Allowing any unauthenticated public user to bypass the GitHub API cache via the bypassCache query parameter exposes the server to rate-limiting or Denial of Service (DoS) attacks on the GitHub API. It is safer to remove this option from the public endpoint or restrict it to authenticated administrators.

Suggested change
const bypassCache = req.query.bypassCache === 'true';
const latestRelease =
await versionService.getLatestGitHubRelease(bypassCache);
const latestRelease =
await versionService.getLatestGitHubRelease(false);
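
The restriction this comment recommends, as an added example (not code from the PR or the project): a cache wrapper that ignores bypassCache for non-admin callers. It goes beyond the comment by also rate-limiting admin refreshes and collapsing concurrent misses into one upstream call. createReleaseCache, fetchUpstream and isAdmin are hypothetical names, and isAdmin is assumed to come from the authenticated session, never from the query string.

```javascript
// Added example; createReleaseCache, fetchUpstream and isAdmin are hypothetical names.

// Serve the cached release to everyone. A forced refresh is honoured only for
// admin callers, and even then no more often than minForcedIntervalMs.
function createReleaseCache(fetchUpstream, { ttlMs, minForcedIntervalMs, now = Date.now }) {
  let cached = null;   // { value, fetchedAt }
  let inFlight = null; // shared promise: concurrent misses collapse into one upstream call

  function refresh() {
    if (!inFlight) {
      inFlight = fetchUpstream()
        .then((value) => {
          cached = { value, fetchedAt: now() };
          return value;
        })
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  return async function getLatestRelease({ bypassCache = false, isAdmin = false } = {}) {
    const age = cached ? now() - cached.fetchedAt : Infinity;
    // Assumption: isAdmin is set by the route from the verified session.
    const forced = bypassCache && isAdmin && age >= minForcedIntervalMs;
    if (cached && age < ttlMs && !forced) return cached.value;
    return refresh();
  };
}

// Constructed scenario with a fake upstream and a manual clock (no network).
async function simulate() {
  let upstreamCalls = 0;
  let clock = 0;
  const fakeUpstream = async () => { upstreamCalls += 1; return { tag_name: 'v0.0.0-example' }; };
  const get = createReleaseCache(fakeUpstream, {
    ttlMs: 60000, minForcedIntervalMs: 10000, now: () => clock,
  });
  const counts = {};
  for (let i = 0; i < 100; i++) { clock += 10; await get({ bypassCache: true }); }
  counts.anonymousFlood = upstreamCalls;   // flag ignored without admin
  clock += 1000; await get({ bypassCache: true, isAdmin: true });
  counts.adminTooSoon = upstreamCalls;     // still inside the forced-refresh interval
  clock += 10000; await get({ bypassCache: true, isAdmin: true });
  counts.adminForced = upstreamCalls;      // admin refresh allowed
  clock += 60000; await Promise.all([get(), get(), get(), get(), get()]);
  counts.concurrentExpiry = upstreamCalls; // TTL expired, five callers, one fetch
  return counts;
}
```

simulate() returns the cumulative upstream call count after each phase, so the effect of each control can be read off directly.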

Comment thread SparkyFitnessFrontend/src/layouts/MainLayout.tsx
Comment thread SparkyFitnessFrontend/src/layouts/MainLayout.tsx
CodeWithCJ and others added 4 commits June 19, 2026 16:23
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
CodeWithCJ closed this Jun 19, 2026
CodeWithCJ deleted the dev branch June 19, 2026 20:34