
feat(dashboard): implement supply chain dependency diff#46

Merged: ionfwsrijan merged 3 commits into ionfwsrijan:main from lakshay122007:feat/43-supply-chain-diff on Jun 7, 2026

Conversation

@lakshay122007 (Contributor)


Linked issue

Closes #43

What this PR does

Introduces a Supply Chain Diff feature to the dashboard. It calculates and visualizes vulnerabilities introduced or resolved in dependencies between the two most recent scans. This provides immediate visibility into the security impact of package version bumps without requiring manual comparison.

Type of change

  • Bug fix
  • New feature
  • ML model / training pipeline
  • Refactor (no behaviour change)
  • Documentation
  • Tests only

ML tier (if applicable)

  • Tier 1 — Triage
  • Tier 2 — Predictive
  • Tier 3 — Autonomous
  • Not ML-related

Changes

Backend

  • Modified /scan and /scan-url endpoints in main.py to safely extract and store OSV package metadata.
  • Built a diffing engine get_dependency_diff() in db.py that queries the two most recent jobs and groups dependency findings into introduced, resolved, and persistent arrays based on a (rule_id, package_name) tuple.
  • Exposed the new GET /dependency-diff API endpoint.

Frontend

  • Added getDependencyDiff and strict TypeScript interfaces to api.ts.
  • Created dependency-diff.tsx, a new Tailwind component featuring a responsive, scrollable side-by-side grid to handle massive vulnerability lists without breaking vertical layout.
  • Integrated the diff component into Dashboard.tsx below the primary analytical charts.

Database / schema changes

  • Rebuilt the findings table schema in db.py to explicitly include package_name (TEXT) and package_version (TEXT) columns to prevent data leakage from scanner metadata.

Testing

How did you test this?
Nuked the local patchpilot.db to verify flawless schema generation on startup. Ran two consecutive GitHub URL scans on a vulnerable target repository to populate baseline and updated data. Verified the backend accurately diffed the states and the frontend UI rendered the scrollable side-by-side red/green threat indicators without console errors.

Checklist

  • Tested locally end-to-end (upload ZIP or GitHub URL → scan → findings returned correctly)
  • New ML model falls back gracefully when model file is absent
  • No new console.error or unhandled Python exceptions introduced
  • Added or updated tests where applicable
  • requirements.txt / package.json updated if new dependencies added
  • New model files (.pkl, .pt, etc.) are gitignored, not committed

Screenshots (if UI changed)

[Screenshot: Screenshot 2026-06-06 at 10.32.32 PM]
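
The Backend and Database sections above describe a diff engine that reads the two most recent jobs and groups dependency findings by a (rule_id, package_name) key into introduced, resolved and persistent sets, with package_name and package_version stored as TEXT columns on the findings table. The following is an added, self-contained illustration of that procedure in Python against an in-memory SQLite database; it is not the project's db.py or its get_dependency_diff(), and the table layout, column names, sample jobs and finding rows are all constructed assumptions. It also shows two edge cases worth handling in such a diff: duplicate rows for the same key collapse into one entry, and rows without a package_name (non-dependency findings) are excluded so they never appear as "introduced" or "resolved" dependencies.

```python
from __future__ import annotations

import sqlite3
from typing import Any

# Assumed schema, modelled on the PR description (package_name / package_version
# as TEXT columns). This is not the project's actual db.py schema.
SCHEMA = """
CREATE TABLE jobs (
    id INTEGER PRIMARY KEY,
    created_at TEXT NOT NULL
);
CREATE TABLE findings (
    id INTEGER PRIMARY KEY,
    job_id INTEGER NOT NULL REFERENCES jobs(id),
    rule_id TEXT NOT NULL,
    package_name TEXT,
    package_version TEXT,
    severity TEXT
);
"""

# Constructed sample data: job 1 is the baseline scan, job 2 the re-scan after a
# few version bumps. Advisory ids and package names are illustrative placeholders.
SAMPLE_JOBS = [(1, "2026-06-06T21:00:00Z"), (2, "2026-06-06T22:00:00Z")]
SAMPLE_FINDINGS = [
    # (job_id, rule_id, package_name, package_version, severity)
    (1, "GHSA-xxxx-0001", "left-pad", "1.0.0", "HIGH"),      # gone in job 2 -> resolved
    (1, "GHSA-xxxx-0002", "lodash", "4.17.15", "MEDIUM"),    # unchanged -> persistent
    (1, "GHSA-xxxx-0003", "axios", "0.21.0", "HIGH"),        # bumped, still flagged -> persistent
    (1, "GHSA-xxxx-0003", "axios", "0.21.0", "HIGH"),        # duplicate row: must collapse
    (2, "GHSA-xxxx-0002", "lodash", "4.17.15", "MEDIUM"),
    (2, "GHSA-xxxx-0003", "axios", "0.21.1", "HIGH"),
    (2, "GHSA-xxxx-0004", "minimist", "1.2.5", "LOW"),       # new in job 2 -> introduced
    (2, "SAST-XSS-001", None, None, "MEDIUM"),               # not a dependency finding: ignored
]


def build_db(with_sample: bool = True) -> sqlite3.Connection:
    """Create an in-memory database, optionally loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    if with_sample:
        conn.executemany("INSERT INTO jobs (id, created_at) VALUES (?, ?)", SAMPLE_JOBS)
        conn.executemany(
            "INSERT INTO findings (job_id, rule_id, package_name, package_version, severity)"
            " VALUES (?, ?, ?, ?, ?)",
            SAMPLE_FINDINGS,
        )
    return conn


def _dependency_findings(conn: sqlite3.Connection, job_id: int) -> dict[tuple[str, str], dict[str, Any]]:
    """Return one job's dependency findings keyed by (rule_id, package_name).

    Rows without a package_name are non-dependency findings and are skipped;
    repeated rows for the same key are collapsed to the first one seen.
    """
    rows = conn.execute(
        "SELECT rule_id, package_name, package_version, severity FROM findings"
        " WHERE job_id = ? AND package_name IS NOT NULL",
        (job_id,),
    )
    keyed: dict[tuple[str, str], dict[str, Any]] = {}
    for rule_id, name, version, severity in rows:
        keyed.setdefault(
            (rule_id, name),
            {"rule_id": rule_id, "package_name": name, "package_version": version, "severity": severity},
        )
    return keyed


def get_dependency_diff(conn: sqlite3.Connection) -> dict[str, Any]:
    """Diff the two most recent jobs into introduced / resolved / persistent lists.

    With fewer than two jobs there is nothing to compare, so the lists are empty
    and both job ids are None rather than raising.
    """
    job_ids = [r[0] for r in conn.execute("SELECT id FROM jobs ORDER BY created_at DESC, id DESC LIMIT 2")]
    if len(job_ids) < 2:
        return {"baseline_job": None, "current_job": None, "introduced": [], "resolved": [], "persistent": []}
    current_id, baseline_id = job_ids
    baseline = _dependency_findings(conn, baseline_id)
    current = _dependency_findings(conn, current_id)

    introduced = [current[k] for k in sorted(current.keys() - baseline.keys())]
    resolved = [baseline[k] for k in sorted(baseline.keys() - current.keys())]
    persistent = []
    for k in sorted(baseline.keys() & current.keys()):
        entry = dict(current[k])
        # Surface version bumps that did not clear the advisory: a useful signal
        # that the bump landed on another affected release.
        entry["previous_version"] = baseline[k]["package_version"]
        entry["version_changed"] = baseline[k]["package_version"] != current[k]["package_version"]
        persistent.append(entry)

    return {
        "baseline_job": baseline_id,
        "current_job": current_id,
        "introduced": introduced,
        "resolved": resolved,
        "persistent": persistent,
    }


if __name__ == "__main__":
    diff = get_dependency_diff(build_db())
    for bucket in ("introduced", "resolved", "persistent"):
        print(bucket, [(f["rule_id"], f["package_name"], f["package_version"]) for f in diff[bucket]])
```

The ordering of jobs is taken from created_at with id as a tiebreak; a real implementation should use whatever column the jobs table actually orders by. Lists are sorted by key so the API response is stable across calls, which keeps a side-by-side UI from reshuffling between refreshes.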

@lakshay122007 (Contributor, Author)

Hi @ionfwsrijan, kindly review it and let me know any changes required.

Also, while fixing this issue, I had to touch the database schema because the original setup was literally throwing away the specific package names extracted by the scanner. By adding those columns, we made sure our new diff engine actually knows which exact dependency got fixed instead of flying blindly.

Hope everything's good.

@ionfwsrijan added labels enhancement (New feature or request), backend (Backend issues), hard (Hard difficulty) and SSoC26 on Jun 7, 2026
@ionfwsrijan ionfwsrijan merged commit 5bf92bc into ionfwsrijan:main Jun 7, 2026
6 checks passed

Linked issue closed by this pull request: [Feature] Implement Supply Chain Diff to track dependency vulnerability changes