From 529579ad7280c11b7d38b84fbb8c1c9e4097faf1 Mon Sep 17 00:00:00 2001
From: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Date: Mon, 5 Jun 2023 12:55:06 -0500
Subject: [PATCH 1/2] :seedling: Deprecate dependencydiff package and add
 access token requirement

- Deprecate the `dependencydiff` package and the `GetDependencyDiffResults` function
- Add a line to the `.codecov.yml` to ignore the `dependencydiff` package

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---
 .codecov.yml                     | 2 ++
 dependencydiff/dependencydiff.go | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/.codecov.yml b/.codecov.yml
index 1f7a7c9fc2b..b49dfb9e315 100644
--- a/.codecov.yml
+++ b/.codecov.yml
@@ -12,6 +12,8 @@ ignore:
   - "docs/**/*"
   # this is the runner
   - "main.go"
+  # this package is deprecated and going to be removed.
+  - "dependencydiff/**/*"
 
 coverage:
   precision: 2
diff --git a/dependencydiff/dependencydiff.go b/dependencydiff/dependencydiff.go
index ed0f9774092..fabd67e5492 100644
--- a/dependencydiff/dependencydiff.go
+++ b/dependencydiff/dependencydiff.go
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Deprecated: This is going to be removed in the future.
 package dependencydiff
 
 import (
@@ -29,7 +30,9 @@ import (
 )
 
 // Depdiff is the exported name for dependency-diff.
-const Depdiff = "Dependency-diff"
+const (
+	Depdiff = "Dependency-diff"
+)
 
 // A private context struct used for GetDependencyCheckResults.
 type dependencydiffContext struct {
@@ -50,6 +53,7 @@ type dependencydiffContext struct {
 // GetDependencyDiffResults gets dependency changes between two given code commits BASE and HEAD
 // along with the Scorecard check results of the dependencies, and returns a slice of DependencyCheckResult.
 // TO use this API, an access token must be set. See https://github.com/ossf/scorecard#authentication.
+// Deprecated: This is going to be removed in the future.
 func GetDependencyDiffResults(
 	ctx context.Context,
 	repoURI string, /* Use the format "ownerName/repoName" as the repo URI, such as "ossf/scorecard". */

From 8f1c3a833e1a976522877f800f9d19ad837973c7 Mon Sep 17 00:00:00 2001
From: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Date: Mon, 5 Jun 2023 14:57:45 -0500
Subject: [PATCH 2/2] Fixed the code review comments.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---
 dependencydiff/dependencydiff.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dependencydiff/dependencydiff.go b/dependencydiff/dependencydiff.go
index fabd67e5492..78012426ad0 100644
--- a/dependencydiff/dependencydiff.go
+++ b/dependencydiff/dependencydiff.go
@@ -50,10 +50,10 @@ type dependencydiffContext struct {
 	results                         []pkg.DependencyCheckResult
 }
 
+// Deprecated: This is going to be removed in the future.
 // GetDependencyDiffResults gets dependency changes between two given code commits BASE and HEAD
 // along with the Scorecard check results of the dependencies, and returns a slice of DependencyCheckResult.
 // TO use this API, an access token must be set. See https://github.com/ossf/scorecard#authentication.
-// Deprecated: This is going to be removed in the future.
 func GetDependencyDiffResults(
 	ctx context.Context,
 	repoURI string, /* Use the format "ownerName/repoName" as the repo URI, such as "ossf/scorecard". */