feat: add 48h delay for the upgrade cli warning

[luizbafilho]

Description 📣

Reduces CLI update notification frequency by only prompting users when a new release is at least 48 hours old. This prevents excessive notifications for very recent releases while still keeping users informed about updates.

Additionally, adds support for urgent releases via a #urgent tag in the release notes body, which bypasses the 48-hour delay for critical updates that need immediate user attention.

Changes

• Add 48-hour release age threshold before showing update prompts
• Parse published_at timestamp from GitHub API response
• Add #urgent tag detection in release body to bypass the delay
• Update getLatestTag return signature to include parsed timestamp and urgency flag
• Remove unused commented-out daysSinceDate function

Type ✨

• Bug fix
• New feature
• Improvement
• Breaking change
• Documentation

Tests 🛠️

Manual testing:

# Build the CLI
go build -o infisical-test .

# Run and verify update message appears (release is >48h old)
./infisical-test help 2>&1 >/dev/null
# Output: A new release of infisical is available: devel -> 0.43.47

The update prompt correctly appears because the latest release (v0.43.47) is more than 48 hours old. Urgent release behavior can be tested by adding #urgent to a release's body.

---

• I have read the contributing guide, agreed and acknowledged the code of conduct. 📝

[greptile-apps]

Greptile Summary

Improves CLI update notification UX by adding a 48-hour delay before prompting users about new releases. This prevents notification fatigue from very recent releases while maintaining awareness of updates. Includes an #urgent tag mechanism in release notes to bypass the delay for critical updates.

Key changes:

• Modified getLatestTag() to parse published_at timestamp and check for #urgent tag in release body
• Added time-based filtering: only show update prompts for releases older than 48 hours
• Urgent releases bypass the 48-hour delay via #urgent tag detection
• Removed unused commented-out daysSinceDate function

Security note: The #urgent tag relies on simple string matching in GitHub release notes. Anyone with write access to the repository can mark releases as urgent, which could be exploited if an account is compromised. Consider additional safeguards for production critical releases.

Confidence Score: 3/5

• This PR is safe to merge with awareness of the security consideration around the #urgent tag mechanism
• The implementation is straightforward and clean. The 48-hour delay logic is correct, time parsing uses standard RFC3339 format, and error handling is appropriate. The main concern is that the #urgent tag can be set by anyone with repository write access, which could be exploited if an account is compromised. This is a design tradeoff worth documenting but not a blocking issue for typical usage. No breaking changes or logic errors detected.
• No files require special attention beyond the security consideration noted in comments

Important Files Changed

Filename	Overview
packages/util/check-for-update.go	Added 48-hour delay for update prompts with #urgent tag bypass. Minor security concern with tag injection vulnerability, otherwise implementation is clean.

[greptile-apps]

_{1 file reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}