[1.1.0]
Update forgejo to 15.0.0
Full Changelog
See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/15.0.0.md
PR: remove admin-level permissions from repo-specific & public-only access tokens
PR: The template generation (POST /repos/{template_owner}/{template_repo}/generate) and repository deletion (DELETE /repos/{username}/{reponame}) APIs have been updated to require the same permission scope as creating a new repository. Either write:user or write:organization is required, depending on the owner of the repository being created or deleted.
PR: Accessing the /repositories/{id} API with a public-only access token did not restrict read access to only public repositories, which is now prevented.
PR: Accessing the /repos/{owner}/{repo}/issues/{index}/dependencies and /repos/{owner}/{repo}/issues/{index}/blocks APIs with a public-only access token had access to modification operations against private repositories in the form component of the API (not the URL component), which is now prevented.
PR: Accessing the /repos/{owner}/{repo}/issues/{index}/dependencies and /repos/{owner}/{repo}/issues/{index}/blocks APIs with a public-only access token could view dependencies or blocking issues from private repositories, which is now prevented.
PR: Accessing the /repos/{owner}/{repo}/issues/{index}/timeline API with a public-only access token could view comment cross-references from private repositories, which is now prevented.
PR: Accessing the /teams/{id}/repos/{org}/{repo} API with a public-only access token could view private repositories assigned to a team, which is now prevented.