Update actions/attest-build-provenance action to v4 by renovate[bot] · Pull Request #81 · AlphaSphereDotAI/disease_assistant

renovate · 2026-02-26T22:06:44Z

This PR contains the following updates:

Package	Type	Update	Change
actions/attest-build-provenance	action	major	`v2` → `v4`

Release Notes

actions/attest-build-provenance (actions/attest-build-provenance)

`v4`

Compare Source

`v3`

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

semanticdiff-com · 2026-02-26T22:06:48Z

Review changes with

Changed Files

File	Status
.github/workflows/docker.yml	0% smaller

gitnotebooks · 2026-02-26T22:06:49Z

Review these changes at https://app.gitnotebooks.com/AlphaSphereDotAI/disease_assistant/pull/81

deepsource-io · 2026-02-26T22:07:05Z

DeepSource Code Review

We reviewed changes in 89599db...af12d09 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade	Security Reliability Complexity Hygiene

Code Review Summary

Analyzer	Updated (UTC)	Details
Python	Feb 26, 2026 10:06p.m.	Review ↗
Docker	Feb 26, 2026 10:06p.m.	Review ↗
Secrets	Feb 26, 2026 10:06p.m.	Review ↗

mergify · 2026-02-26T22:07:55Z

🧪 CI Insights

Here's what we observed from your CI run for af12d09.

🟢 All jobs passed!

But CI Insights is watching 👀

MH0386 · 2026-02-26T22:10:50Z

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Errors	Warnings	Elapsed time
❌ ACTION	actionlint	11	7	0	0.39s
✅ COPYPASTE	jscpd	yes	no	no	1.7s
✅ DOCKERFILE	hadolint	1	0	0	0.09s
✅ JSON	jsonlint	1	0	0	0.17s
✅ JSON	prettier	1	0	0	0.42s
✅ JSON	v8r	1	0	0	2.89s
✅ MARKDOWN	markdownlint	1	0	0	0.72s
✅ MARKDOWN	markdown-table-formatter	1	0	0	0.42s
✅ PYTHON	bandit	5	0	0	1.96s
✅ PYTHON	black	5	0	0	1.86s
❌ PYTHON	flake8	5	7	0	1.18s
⚠️ PYTHON	isort	5	5	0	0.27s
❌ PYTHON	mypy	5	1	0	3.8s
❌ PYTHON	pylint	5	16	0	6.97s
❌ PYTHON	pyright	5	10	0	4.6s
❌ PYTHON	ruff	5	4	0	0.08s
❌ REPOSITORY	devskim	yes	1	no	1.9s
✅ REPOSITORY	dustilock	yes	no	no	0.02s
❌ REPOSITORY	gitleaks	yes	1	no	0.51s
✅ REPOSITORY	git_diff	yes	no	no	0.03s
❌ REPOSITORY	grype	yes	34	no	49.75s
❌ REPOSITORY	kics	yes	30	no	28.13s
✅ REPOSITORY	secretlint	yes	no	no	0.91s
✅ REPOSITORY	syft	yes	no	no	3.97s
❌ REPOSITORY	trivy	yes	1	no	12.14s
✅ REPOSITORY	trivy-sbom	yes	no	no	3.78s
✅ REPOSITORY	trufflehog	yes	no	no	5.32s
❌ SPELL	cspell	43	108	0	10.55s
❌ SPELL	lychee	21	5	0	0.73s
✅ XML	xmllint	6	0	0	0.18s
⚠️ YAML	prettier	19	1	6	1.12s
❌ YAML	v8r	19	1	0	10.41s
❌ YAML	yamllint	19	37	0	0.95s

Detailed Issues

❌ ACTION / actionlint - 7 errors

.github/workflows/code_analysis.yml:14:14: label "ubuntu-slim" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file [runner-label]
   |
14 |     runs-on: ubuntu-slim
   |              ^~~~~~~~~~~
.github/workflows/github.yaml:9:14: label "matrix.os" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file [runner-label]
  |
9 |     runs-on: matrix.os
  |              ^~~~~~~~~
.github/workflows/github.yaml:26:29: property "details" is not defined in object type {} [expression]
   |
26 |         run: uv version ${{ needs.details.outputs.new_version }}
   |                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.github/workflows/github.yaml:37:14: label "ubuntu-slim" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-2019", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "ubuntu-20.04", "macos-latest", "ma

(Truncated to 2352 characters out of 4277)

❌ SPELL / cspell - 108 errors

.circleci/config.yml:7:16      - Unknown word (cimg)       -- - image: cimg/base:edge
	 Suggestions: [cig, icmp, mig, camb, came]
.circleci/config.yml:9:43      - Unknown word (aquasecurity) -- REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
	 Suggestions: []
.circleci/config.yml:13:19     - Unknown word (sarif)        -- format: sarif
	 Suggestions: [sari, saris, serif, sharif, sadi]
.circleci/config.yml:15:26     - Unknown word (sarif)        -- output: report.sarif
	 Suggestions: [sari, saris, serif, sharif, sadi]
.dockerignore:1:6       - Unknown word (pycache)    -- **/__pycache__/
	 Suggestions: [mycache, Mycache, myCache, MyCache, panache]
.dockerignore:2:2       - Unknown word (deepsource) -- .deepsource.toml
	 Suggestions: [reupsource, reUpsource, Reupsource, ReUpsource, reupSource]
.dockerignore:6:2       - Unknown word (mypy)       -- .mypy_cache/
	 Suggestions: [mopy, myopy, macy, many, maps]
.dockerignore:8:2       - Unknown word (venv)       -- .venv/
	 Suggestions: [vena, vend, venn, vent, Venn]
.gitattributes:27:3      - Unknown word (ipynb)      -- *.ipynb text eol=lf
	 Suggestions: [piny]
.gitattributes:31:30     - Unknown word (anydbm)     -- shelve``, ``marshal``, ``anydbm``, & ``bsddb``
	 Suggestions: [anadem, andy, andy's, Andy, Andy's]
.gitattributes:31:44     - Unknown word (bsddb)      -- marshal``, ``anydbm``, & ``bsddb``
	 Suggestions: [bsds, bsd, tsdb, sdb, baddy]
.gitattributes:44:3      - Unknown word (bibtex)     -- *.bibtex text diff=bibtex
	 Suggestions: [bite, bible, biter, bites, bitte]
.gitattributes:44:22     - Unknown word (bibtex)     -- .bibtex text diff=bibtex
	 Suggestions: [bite, bible, biter, bites, bitte]
.gitattributes:45:17     - Unknown word (astextplain) -- *.doc diff=astextplain
	 Suggestions: []
.gitattributes:46:17     - Unknown word (astextplain) -- *.DOC diff=astextplain
	 Suggestions: []
.gitattributes:47:17     - Unknown word (astextplain) -- *.docx diff=astextplain
	 Suggestions: []
.gitattributes:48:17     - Unknown word (astextplain) -- *.DOCX diff=astextplain
	 Suggestions: []
.gitattributes:49:17     - Unknown word (astextplain) -- *.dot diff=astextplain
	 Suggestions: []
.gitattributes:58:3      - Unknown word (adoc)        -- *.adoc text
	 Suggestions: [ados, apoc, adhoc, Apoc, adc]
.gitattributes:66:3      - Unknown word (epub)        -- *.epub di

(Truncated to 2352 characters out of 16812)

❌ REPOSITORY / devskim - 1 error

{"$schema":"https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.6.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"devskim","fullName":"Microsoft DevSkim Command Line Interface","version":"1.0.67+1c44622c1f","informationUri":"https://github.com/microsoft/DevSkim/","rules":[{"id":"DS162092","name":"DoNotLeaveDebugCodeInProduction","fullDescription":{"text":"Do not leave debug code in production: Accessing localhost could indicate debug code, or could hinder scaling."},"help":{"text":"Accessing localhost could indicate debug code, or could hinder scaling.","markdown":"Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS162092.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS162092.md) for additional guidance on this issue."},"shortDescription":{"text":"Accessing localhost could indicate debug code, or could hinder scaling."},"defaultConfiguration":{"level":"note"},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS162092.md","properties":{"precision":"high","problem.severity":"recommendation","DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}}]}},"versionControlProvenance":[{"repositoryUri":"https://github.com/AlphaSphereDotAI/disease_assistant","revisionId":"HIDDEN_BY_MEGALINTER","branch":"renovate/actions-attest-build-provenance-4.x"}],"results":[{"ruleId":"DS162092","level":"note","message":{"text":"Do not leave debug code in production"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/disease_assistant/__init__.py"},"region":{"startLine":11,"startColumn":61,"endLine":11,"endColumn":70,"charOffset":290,"charLength":9,"snippet":{"text":"localhost","rendered":{"text":"localhost","markdown":"`localhost`"}},"sourceLanguage":"python"}}}],"properties":{"tags":["Hygiene.Network.AccessingLocalhost"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}}],"columnKind":"utf16CodeUnits"}]}

❌ PYTHON / flake8 - 7 errors

src/disease_assistant/graph.py:42:89: E501 line too long (109 > 88 characters)
src/disease_assistant/graph.py:43:89: E501 line too long (111 > 88 characters)
src/disease_assistant/graph.py:86:89: E501 line too long (99 > 88 characters)
src/disease_assistant/gui.py:24:9: F841 local variable 'image' is assigned to but never used
src/disease_assistant/gui.py:25:9: F841 local variable 'text' is assigned to but never used
src/disease_assistant/gui.py:28:17: F841 local variable 'submit_button' is assigned to but never used
src/disease_assistant/gui.py:29:17: F841 local variable 'chatbot' is assigned to but never used

❌ REPOSITORY / gitleaks - 1 error

○
    │╲
    │ ○
    ○ ░
    ░    gitleaks

Finding:     api_key="REDACTED"
Secret:      REDACTED
RuleID:      generic-api-key
Entropy:     5.146292
File:        src/disease_assistant/graph.py
Line:        15
Commit:      HIDDEN_BY_MEGALINTERAuthor:      Mohamed Hisham Abdelzaher
Email:       mohamed.hisham.abdelzaher@gmail.com
Date:        2025-06-04T00:20:24Z
Fingerprint: a6f814864b0a4d08a5794038888260d2402a6553:src/disease_assistant/graph.py:generic-api-key:15
Link:        https://github.com/AlphaSphereDotAI/disease_assistant/blob/a6f814864b0a4d08a5794038888260d2402a6553/src/disease_assistant/graph.py#L15

10:15PM INF 145 commits scanned.
10:15PM INF scanned ~915510 bytes (915.51 KB) in 392ms
10:15PM WRN leaks found: 1

❌ REPOSITORY / grype - 34 errors

[0000]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)
NAME                       INSTALLED  FIXED IN  TYPE           VULNERABILITY        SEVERITY  EPSS           RISK   
nltk                       3.9.2      3.9.3     python         GHSA-7p94-766c-hgjp  Critical  0.5% (66th)    0.5    
fonttools                  4.60.1     4.60.2    python         GHSA-768j-98cg-p3fv  Medium    0.3% (49th)    0.1    
setuptools                 73.0.1     78.1.1    python         GHSA-5rjg-fvgr-3xxf  High      0.2% (39th)    0.1    
aquasecurity/trivy-action  0.33.1     0.34.0    github-action  GHSA-9p44-j4g5-cfx5  Medium    0.1% (29th)    < 0.1  
basicsr                    1.4.2                python         GHSA-86w8-vhw6-q9qq  Medium    0.1% (30th)    < 0.1  
langchain-core             1.0.3      1.0.7     python         GHSA-6qv9-48xg-fc7f  High      < 0.1% (20th)  < 0.1  
aiohttp                    3.13.2     3.13.3    python         GHSA-6mq8-rvhq-8wgg  High      < 0.1% (18th)  < 0.1  
aiohttp                    3.13.2     3.13.3    python         GHSA-6jhg-hg63-jvvf  Medium    < 0.1% (18th)  < 0.1  
aiohttp                    3.13.2     3.13.3    python         GHSA-jj3x-wxrx-4x23  Medium    < 0.1% (18th)  < 0.1  
langchain-core             1.0.3      1.2.5     python         GHSA-c67j-w6g6-q2cm  Critical  < 0.1% (10th)  < 0.1  
werkzeug                   3.1.3      3.1.6     python         GHSA-29vq-49wr-vm6x  Medium    < 0.1% (18th)  < 0.1  
aiohttp                    3.13.2     3.13.3    python         GHSA-g84x-mcqj-x9qq  Medium    < 0.1% (15th)  < 0.1  
orjson                     3.11.4               python         GHSA-hx9q-6w63-j58v  Medium    < 0.1% (16th)  < 0.1  
mcp                        1.10.1     1.23.0    python         GHSA-9h52-p55h-vw2f  High      < 0.1% (10th)  < 0.1  
urllib3                    2.5.0      2.6.3     python         GHSA-38jv-5279-wg99  High      < 0.1% (8th)   < 0.1  
urllib3                    2.5.0      2.6.0     python         GHSA-gm62-xv2j-4w53  High      < 0.1% (7th)   < 0.1  
urllib3                    2.5.0      2.6.0     python         GHSA-2xpw-w6gg-jr37  High      < 0.1% (7th)   < 0.1  
protobuf                   6.33.0     6.33.5    python         GHSA-7gcm-g887-7qv7  High      < 0.1% (6th)   < 

(Truncated to 2352 characters out of 4300)

❌ REPOSITORY / kics - 30 errors

MLLLLLM             MLLLLLLLLL   LLLLLLL             KLLLLLLLLLLLLLLLL       LLLLLLLLLLLLLLLLLLLLLLL 
   MMMMMMM           MMMMMMMMMML    MMMMMMMK       LMMMMMMMMMMMMMMMMMMMML   KLMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM         MMMMMMMMML       MMMMMMMK     LMMMMMMMMMMMMMMMMMMMMMML  LMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM      MMMMMMMMMML         MMMMMMMK   LMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM    LMMMMMMMMML           MMMMMMMK  LMMMMMMMMMLLMLLLLLLLLLLLLLL LMMMMMMMLLLLLLLLLLLLLLLLLLLLM 
   MMMMMMM  MMMMMMMMMLM             MMMMMMMK LMMMMMMMM                    LMMMMMML                      
   MMMMMMMLMMMMMMMML                MMMMMMMK MMMMMMML                     LMMMMMMMMLLLLLLLLLLLLLMLL     
   MMMMMMMMMMMMMMMM                 MMMMMMMK MMMMMML                       LMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMMMMMMMMMMMMM               MMMMMMMK MMMMMMM                         LMMMMMMMMMMMMMMMMMMMMMMMML 
   MMMMMMM KLMMMMMMMMML             MMMMMMMK LMMMMMMM                                          MMMMMMMML
   MMMMMMM    LMMMMMMMMMM           MMMMMMMK LMMMMMMMMLL                                        MMMMMMML
   MMMMMMM      LMMMMMMMMMLL        MMMMMMMK  LMMMMMMMMMMMMMMMMMMMMMMMMML LLLLLLLLLLLLLLLLLLLLMMMMMMMMMM
   MMMMMMM        MMMMMMMMMMML      MMMMMMMK   MMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM          LLMMMMMMMMML    MMMMMMMK     LLMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMM             MMMMMMMMMML  MMMMMMMK         KLMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMLK    
                                                                                                            
                                                                                                                                                                                                                                                                                                                        


Scanning with Keeping Infrastructure as Code Secure v2.1.14





Unpinned Actions Full Length Commit SHA, Severity: LOW, Results: 28
Description: Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the acti

(Truncated to 2352 characters out of 8346)

❌ SPELL / lychee - 5 errors

[404] https://github.com/$%7B%7Bgithub.repository%7D%7D/releases/tag/$%7B%7Bgithub.ref_name%7D%7D | Network error: Not Found
[404] https://github.com/$%7B%7Bgithub.repository%7D%7D/commits/$%7B%7Bgithub.ref_name%7D%7D | Network error: Not Found
[404] https://github.com/$%7B%7Bgithub.repository%7D%7D/releases/tag/$%7B%7Bgithub.ref_name%7D%7D | Network error: Not Found
[404] https://github.com/$%7B%7Bgithub.repository%7D%7D/commits/$%7B%7Bgithub.ref_name%7D%7D | Network error: Not Found
[404] https://github.com/$%7B%7Bgithub.repository%7D%7D/commits/$%7B%7Bgithub.ref_name%7D%7D | Network error: Not Found
📝 Summary
---------------------
🔍 Total............9
✅ Successful.......3
⏳ Timeouts.........0
🔀 Redirected.......0
👻 Excluded.........1
❓ Unknown..........0
🚫 Errors...........5

Errors in .github/workflows/pyapp.yaml
[404] https://github.com/$%7B%7Bgithub.repository%7D%7D/commits/$%7B%7Bgithub.ref_name%7D%7D | Network error: Not Found

Errors in .github/workflows/pycrucible.yaml
[404] https://github.com/$%7B%7Bgithub.repository%7D%7D/releases/tag/$%7B%7Bgithub.ref_name%7D%7D | Network error: Not Found
[404] https://github.com/$%7B%7Bgithub.repository%7D%7D/commits/$%7B%7Bgithub.ref_name%7D%7D | Network error: Not Found

Errors in .github/workflows/build.yaml
[404] https://github.com/$%7B%7Bgithub.repository%7D%7D/commits/$%7B%7Bgithub.ref_name%7D%7D | Network error: Not Found
[404] https://github.com/$%7B%7Bgithub.repository%7D%7D/releases/tag/$%7B%7Bgithub.ref_name%7D%7D | Network error: Not Found

❌ PYTHON / mypy - 1 error

src/disease_assistant/gui.py:18: error: Module has no attribute "png"  [attr-defined]
Found 1 error in 1 file (checked 5 source files)

❌ PYTHON / pylint - 16 errors

************* Module disease_assistant
src/disease_assistant/__init__.py:5:0: E0401: Unable to import 'dotenv' (import-error)
src/disease_assistant/__init__.py:6:0: E0401: Unable to import 'loguru' (import-error)
************* Module disease_assistant.__main__
src/disease_assistant/__main__.py:1:0: E0401: Unable to import 'gradio' (import-error)
************* Module disease_assistant.graph
src/disease_assistant/graph.py:3:0: E0401: Unable to import 'langchain_core.messages' (import-error)
src/disease_assistant/graph.py:4:0: E0401: Unable to import 'langchain_core.prompt_values' (import-error)
src/disease_assistant/graph.py:5:0: E0401: Unable to import 'langchain_core.runnables' (import-error)
src/disease_assistant/graph.py:6:0: E0401: Unable to import 'langchain_groq.chat_models' (import-error)
src/disease_assistant/graph.py:7:0: E0401: Unable to import 'langgraph.graph' (import-error)
src/disease_assistant/graph.py:8:0: E0401: Unable to import 'langgraph.graph.state' (import-error)
src/disease_assistant/graph.py:9:0: E0401: Unable to import 'langgraph.prebuilt' (import-error)
src/disease_assistant/graph.py:10:0: E0401: Unable to import 'langgraph.types' (import-error)
************* Module disease_assistant.gui
src/disease_assistant/gui.py:1:0: E0401: Unable to import 'gradio' (import-error)
src/disease_assistant/gui.py:18:28: E1101: Module 'disease_assistant.graph' has no 'png' member (no-member)
************* Module disease_assistant.state
src/disease_assistant/state.py:3:0: E0401: Unable to import 'langchain_core.messages' (import-error)
src/disease_assistant/state.py:4:0: E0401: Unable to import 'langgraph.graph' (import-error)
src/disease_assistant/state.py:5:0: E0401: Unable to import 'pydantic' (import-error)

❌ PYTHON / pyright - 10 errors

src/disease_assistant/__init__.py
  src/disease_assistant/__init__.py:6:6 - error: Import "loguru" could not be resolved (reportMissingImports)
src/disease_assistant/__main__.py
  src/disease_assistant/__main__.py:1:6 - error: Import "gradio" could not be resolved (reportMissingImports)
src/disease_assistant/graph.py
  src/disease_assistant/graph.py:6:6 - error: Import "langchain_groq.chat_models" could not be resolved (reportMissingImports)
  src/disease_assistant/graph.py:7:6 - error: Import "langgraph.graph" could not be resolved (reportMissingImports)
  src/disease_assistant/graph.py:8:6 - error: Import "langgraph.graph.state" could not be resolved (reportMissingImports)
  src/disease_assistant/graph.py:9:6 - error: Import "langgraph.prebuilt" could not be resolved (reportMissingImports)
  src/disease_assistant/graph.py:10:6 - error: Import "langgraph.types" could not be resolved (reportMissingImports)
src/disease_assistant/gui.py
  src/disease_assistant/gui.py:1:6 - error: Import "gradio" could not be resolved (reportMissingImports)
  src/disease_assistant/gui.py:18:35 - error: "png" is not a known attribute of module "disease_assistant.graph" (reportAttributeAccessIssue)
src/disease_assistant/state.py
  src/disease_assistant/state.py:4:6 - error: Import "langgraph.graph" could not be resolved (reportMissingImports)
10 errors, 0 warnings, 0 informations

❌ PYTHON / ruff - 4 errors

F841 Local variable `image` is assigned to but never used
  --> src/disease_assistant/gui.py:24:9
   |
22 | def app_block() -> Blocks:
23 |     with Blocks() as app:
24 |         image: Image = Image(label="Upload Image")
   |         ^^^^^
25 |         text: Textbox = Textbox(label="Enter text")
26 |         with Row():
   |
help: Remove assignment to unused variable `image`

F841 Local variable `text` is assigned to but never used
  --> src/disease_assistant/gui.py:25:9
   |
23 |     with Blocks() as app:
24 |         image: Image = Image(label="Upload Image")
25 |         text: Textbox = Textbox(label="Enter text")
   |         ^^^^
26 |         with Row():
27 |             with Column():
   |
help: Remove assignment to unused variable `text`

F841 Local variable `submit_button` is assigned to but never used
  --> src/disease_assistant/gui.py:28:17
   |
26 |         with Row():
27 |             with Column():
28 |                 submit_button: Button = Button("Submit")
   |                 ^^^^^^^^^^^^^
29 |                 chatbot: Chatbot = Chatbot(label="AI Response")
30 |     # submit_button.click(process_input, inputs=[image, text], outputs=chatbot)
   |
help: Remove assignment to unused variable `submit_button`

F841 Local variable `chatbot` is assigned to but never used
  --> src/disease_assistant/gui.py:29:17
   |
27 |             with Column():
28 |                 submit_button: Button = Button("Submit")
29 |                 chatbot: Chatbot = Chatbot(label="AI Response")
   |                 ^^^^^^^
30 |     # submit_button.click(process_input, inputs=[image, text], outputs=chatbot)
31 |     return app
   |
help: Remove assignment to unused variable `chatbot`

Found 4 errors.
No fixes available (4 hidden fixes can be enabled with the `--unsafe-fixes` option).

❌ REPOSITORY / trivy - 1 error

2026-02-26T22:15:38Z	INFO	[vulndb] Need to update DB
2026-02-26T22:15:38Z	INFO	[vulndb] Downloading vulnerability DB...
2026-02-26T22:15:38Z	INFO	[vulndb] Downloading artifact...	repo="mirror.gcr.io/aquasec/trivy-db:2"
4.52 MiB / 86.41 MiB [--->___________________________________________________________] 5.24% ? p/s ?28.63 MiB / 86.41 MiB [-------------------->________________________________________] 33.13% ? p/s ?53.56 MiB / 86.41 MiB [------------------------------------->_______________________] 61.98% ? p/s ?78.75 MiB / 86.41 MiB [------------------------------------------>____] 91.14% 123.58 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 123.58 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 123.58 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 116.43 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 116.43 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 116.43 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 108.92 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 108.92 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 108.92 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 101.89 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 101.89 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [--------------------------------------------->] 100.00% 101.89 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 95.32 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 95.32 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 95.32 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 89.17 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 89.17 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [---------------------------------------------->] 100.00% 89.17 MiB p/s ETA 0s86.41 MiB / 86.41 MiB [----------

(Truncated to 2352 characters out of 27480)

❌ YAML / v8r - 1 error

ℹ No config file found
ℹ Pre-warming the cache
ℹ Processing .circleci/config.yml
ℹ Found schema in https://www.schemastore.org/api/json/catalog.json ...
ℹ Validating .circleci/config.yml against schema from https://www.schemastore.org/circleciconfig.json ...
✔ .circleci/config.yml is valid

ℹ Processing .github/dependabot.yml
ℹ Found schema in https://www.schemastore.org/api/json/catalog.json ...
ℹ Validating .github/dependabot.yml against schema from https://www.schemastore.org/dependabot-2.0.json ...
✔ .github/dependabot.yml is valid

ℹ Processing .github/mergify.yml
ℹ Found schema in https://www.schemastore.org/api/json/catalog.json ...
ℹ Validating .github/mergify.yml against schema from https://raw.githubusercontent.com/Mergifyio/docs/main/public/mergify-configuration-schema.json ...
unknown format "template" ignored in schema at path "#/$defs/AssignActionModel/properties/users/items"
unknown format "template" ignored in schema at path "#/$defs/AssignActionModel/properties/users/items"
unknown format "template" ignored in schema at path "#/$defs/AssignActionModel/properties/add_users/items"
unknown format "template" ignored in schema at path "#/$defs/AssignActionModel/properties/add_users/items"
unknown format "template" ignored in schema at path "#/$defs/AssignActionModel/properties/remove_users/items"
unknown format "template" ignored in schema at path "#/$defs/AssignActionModel/properties/remove_users/items"
unknown format "template" ignored in schema at path "#/properties/bot_account/anyOf/0"
unknown format "template" ignored in schema at path "#/properties/bot_account/anyOf/0"
unknown format "template" ignored in schema at path "#/properties/assignees/items"
unknown format "template" ignored in schema at path "#/properties/assignees/items"
unknown format "template" ignored in schema at path "#/properties/title"
unknown format "template" ignored in schema at path "#/properties/title"
unknown format "template" ignored in schema at path "#/properties/body"
unknown format "template" ignored in schema at path "#/properties/body"
unknown format "template" ignored in schema at path "#/$defs/CloseActionModel/properties/message"
unknown format "template" ignored in schema at path "#/$defs/CloseActionModel/properties/message"
unknown format "template" ignored in schema at path "#/$defs/CommentActionModel/proper

(Truncated to 2352 characters out of 13390)

❌ YAML / yamllint - 37 errors

.circleci/config.yml
  1:1       warning  missing document start "---"  (document-start)

.github/dependabot.yml
  6:1       warning  missing document start "---"  (document-start)

.github/mergify.yml
  1:1       warning  missing document start "---"  (document-start)

.github/workflows/build.yaml
  1:1       warning  missing document start "---"  (document-start)
  2:1       warning  truthy value should be one of [false, true]  (truthy)
  51:7      warning  comment not indented like content  (comments-indentation)

.github/workflows/code_analysis.yml
  1:1       warning  missing document start "---"  (document-start)
  2:1       warning  truthy value should be one of [false, true]  (truthy)

.github/workflows/docker.yml
  1:1       warning  missing document start "---"  (document-start)
  2:1       warning  truthy value should be one of [false, true]  (truthy)

.github/workflows/github.yaml
  1:1       warning  missing document start "---"  (document-start)
  2:1       warning  truthy value should be one of [false, true]  (truthy)
  8:19      error    trailing spaces  (trailing-spaces)

.github/workflows/helpr.yaml
  1:1       warning  missing document start "---"  (document-start)
  2:1       warning  truthy value should be one of [false, true]  (truthy)

.github/workflows/huggingface.yml
  1:1       warning  missing document start "---"  (document-start)
  2:1       warning  truthy value should be one of [false, true]  (truthy)

.github/workflows/lint.yaml
  1:1       warning  missing document start "---"  (document-start)
  2:1       warning  truthy value should be one of [false, true]  (truthy)
  10:6      error    trailing spaces  (trailing-spaces)
  25:7      warning  comment not indented like content  (comments-indentation)
  68:13     error    wrong indentation: expected 10 but found 12  (indentation)

.github/workflows/pyapp.yaml
  1:1       warning  missing document start "---"  (document-start)
  2:1       warning  truthy value should be one of [false, true]  (truthy)
  18:77     error    trailing spaces  (trailing-spaces)

.github/workflows/pycrucible.yaml
  1:1       warning  missing document start "---"  (document-start)
  2:1       warning  truthy value should be one of [false, true]  (truthy)
  50:9      warning  comment not indented like content  (comments-indentation)

.github/workflows/t1.y

(Truncated to 2352 characters out of 3163)

⚠️ PYTHON / isort - 5 errors

ERROR: src/disease_assistant/__main__.py Imports are incorrectly sorted and/or formatted.
ERROR: src/disease_assistant/graph.py Imports are incorrectly sorted and/or formatted.
ERROR: src/disease_assistant/gui.py Imports are incorrectly sorted and/or formatted.
--- src/disease_assistant/__main__.py:before	2026-02-26 22:15:11.842824
+++ src/disease_assistant/__main__.py:after	2026-02-26 22:16:00.089627
@@ -1,7 +1,6 @@
-from gradio import TabbedInterface
-
 from disease_assistant import DEBUG, SERVER_NAME, SERVER_PORT
 from disease_assistant.gui import app_block, debug_block
+from gradio import TabbedInterface
 
 
 def main() -> None:
--- src/disease_assistant/graph.py:before	2026-02-26 22:15:11.842824
+++ src/disease_assistant/graph.py:after	2026-02-26 22:16:00.099280
@@ -1,5 +1,6 @@
 from typing import Any, Callable, Sequence
 
+from disease_assistant.state import State
 from langchain_core.messages import BaseMessage, HumanMessage, SystemMessage
 from langchain_core.prompt_values import PromptValue
 from langchain_core.runnables import Runnable
@@ -8,8 +9,6 @@
 from langgraph.graph.state import CompiledStateGraph
 from langgraph.prebuilt import ToolNode, tools_condition
 from langgraph.types import CachePolicy
-
-from disease_assistant.state import State
 
 
 class Graph:
--- src/disease_assistant/gui.py:before	2026-02-26 22:15:11.842824
+++ src/disease_assistant/gui.py:after	2026-02-26 22:16:00.101608
@@ -1,3 +1,4 @@
+from disease_assistant import graph
 from gradio import (
     Blocks,
     Button,
@@ -7,8 +8,6 @@
     Row,
     Textbox,
 )
-
-from disease_assistant import graph
 
 
 def debug_block() -> Blocks:

⚠️ YAML / prettier - 1 error

Checking formatting...
[warn] .circleci/config.yml
[warn] .github/workflows/github.yaml
[warn] .github/workflows/lint.yaml
[warn] .github/workflows/pyapp.yaml
[warn] .github/workflows/t1.yaml
[warn] Code style issues found in 5 files. Run Prettier with --write to fix.

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

Documentation: Custom Flavors
Command: npx mega-linter-runner@9.1.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_DEVSKIM,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,SPELL_LYCHEE,XML_XMLLINT,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Update actions/attest-build-provenance action to v4

af12d09

renovate bot had a problem deploying to code_quality February 26, 2026 22:06 Failure

renovate bot deployed to pycrucible February 26, 2026 22:06 View deployment

renovate bot deployed to pyapp February 26, 2026 22:06 View deployment

renovate bot had a problem deploying to github February 26, 2026 22:07 Failure

renovate bot had a problem deploying to github February 26, 2026 22:08 Failure

renovate bot had a problem deploying to github February 26, 2026 22:10 Failure

renovate bot had a problem deploying to code_quality February 26, 2026 22:12 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update actions/attest-build-provenance action to v4#81

Update actions/attest-build-provenance action to v4#81
renovate[bot] wants to merge 1 commit intomainfrom
renovate/actions-attest-build-provenance-4.x

renovate bot commented Feb 26, 2026 •

edited

Loading

Uh oh!

semanticdiff-com bot commented Feb 26, 2026 •

edited

Loading

Uh oh!

gitnotebooks bot commented Feb 26, 2026

Uh oh!

deepsource-io bot commented Feb 26, 2026 •

edited

Loading

Uh oh!

mergify bot commented Feb 26, 2026 •

edited

Loading

Uh oh!

MH0386 commented Feb 26, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

renovate bot commented Feb 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v4

v3

Configuration

Uh oh!

semanticdiff-com bot commented Feb 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

gitnotebooks bot commented Feb 26, 2026

Uh oh!

deepsource-io bot commented Feb 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

DeepSource Code Review

PR Report Card

Code Review Summary

Uh oh!

mergify bot commented Feb 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🧪 CI Insights

🟢 All jobs passed!

Uh oh!

MH0386 commented Feb 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

❌MegaLinter analysis: Error

Detailed Issues

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

renovate bot commented Feb 26, 2026 •

edited

Loading

`v4`

`v3`

semanticdiff-com bot commented Feb 26, 2026 •

edited

Loading

deepsource-io bot commented Feb 26, 2026 •

edited

Loading

mergify bot commented Feb 26, 2026 •

edited

Loading

MH0386 commented Feb 26, 2026 •

edited

Loading