People in the schemedoc GitHub organization may have just got an email
with the title "[schemedoc/bibliography] Aws apikey exposed on GitHub".

That's marketing spam from some GitHub app. Please ignore the mail and
don't authorize the app on GitHub. I don't know how they got to scan our
commits in almost real time, but it's really shady marketing tactics :/