chore(deps): update electron to v42 and migrate to async safeStorage

[afonsojramos]

Summary

• Bumps electron from 41.5.0 to 42.0.0.
• Migrates src/main/handlers/storage.ts to the new async safeStorage.encryptStringAsync / decryptStringAsync introduced in electron/electron#49054, which uses os_crypt_async to discover Linux secret service providers via D-Bus instead of relying on XDG_CURRENT_DESKTOP.
• Fixes "Encryption is not available" on Linux tiling WMs (Hyprland, Sway, i3, etc.) — supersedes the D-Bus workaround proposed in fix: Improve password store detection on Linux tiling WMs #2785, which can now be closed.

Test plan

• `pnpm install` clean on Electron 42.0.0
• `pnpm test` — 933 tests / 133 files passing
• `pnpm lint:check` clean on changed files
• Manual verification of login flow on Linux Hyprland / macOS / Windows

[afonsojramos]

@BlueManCZ can you test this branch to validate that it indeed works?

[setchy]

Awesome!!! From memory there may be a website FAQ re Linux flags we can cleanup now, too!

[BlueManCZ]

@afonsojramos Pulled this down locally and the dev build fails to authenticate — Octokit throws Token passed to createTokenAuth is not a string.

The cause is in src/main/handlers/storage.ts: safeStorage.decryptStringAsync doesn't return a string like the sync decryptString did — it returns { shouldReEncrypt: boolean, result: string } (Electron docs). The current handler returns the whole object, so the renderer ends up storing/passing that object as the token.

Minimum fix is to unwrap .result before returning. Worth also handling shouldReEncrypt — when it's true, re-encrypt the token and persist it so we transparently roll forward when the OS keychain rotates keys.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[setchy]

Awesome!!! From memory there may be a website FAQ re Linux flags we can cleanup now, too!

This one: https://gitify.io/faq/#encryption-not-available-linux

[afonsojramos]

@BlueManCZ great catch, thanks for pulling it down and digging in.

You were right, fixed in e1049f5. It now unwraps .result now. also tightened the mock typing in storage.test.ts (satisfies Pick<SafeStorage, ...>) so this exact drift fails at tsc time next round.

On the re-encrypt-and-persist piece - leaving it as a follow-up since it touches the renderer’s auth store.

[BlueManCZ]

Thank you for the changes. I can confirm that it works now without any issues on Hyprland. No need for the --password-store flag anymore.