GitHub (Un)signed commits: how we found a (non) security bug in GitHub When you build an entire software around someone else API, you tend to know everything about it. We made Mergify on top of GitHub API, and it's hard to describe