This repository maintains documentation for:
- Affinity API v1 (Legacy)
- Affinity API v2 (Current)
If you discover a security vulnerability in this repository, please do not open a public issue.
Instead, please report it via one of the following methods:
- Email: Send details to the repository maintainers (check repository settings for contact)
- Private Security Advisory: Use GitHub's private security advisory feature
- Direct Message: Contact repository maintainers directly
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge receipt of your report within 48 hours and provide an update within 7 days.
This repository contains:
- Documentation only - No executable code or services
- Public API documentation - Already publicly available
- Automated update scripts - Run in controlled CI/CD environment
- All workflows run with minimal required permissions
- No secrets or credentials stored in repository
- Automated updates are reviewed before merging
- Pre-commit hooks prevent common security issues
This repository uses:
- GitHub Actions (official actions only)
- Python packages (listed in
requirements-ci.txt) - Pre-commit hooks (from official repositories)
All dependencies are regularly updated and monitored.
- Vulnerabilities will be disclosed after they are fixed
- Credit will be given to reporters (if desired)
- Fixes will be included in the next release
Security updates are applied via:
- Automated dependency updates (when configured)
- Manual updates by maintainers
- Pull requests from security researchers
Thank you for helping keep this repository secure!