- Accessing the `/repositories/{id}` API with a public-only access token did not restrict read access to only public repositories, which is now prevented.
- A public-only access token used with the `/repos/{owner}/{repo}/issues/{index}/dependencies` and `/repos/{owner}/{repo}/issues/{index}/blocks` APIs allowed modification operations against private repositories through the *form* component of the API (not the URL component), which is now prevented.
- A public-only access token used with the `/repos/{owner}/{repo}/issues/{index}/dependencies` and `/repos/{owner}/{repo}/issues/{index}/blocks` APIs could view dependencies or blocking issues from private repositories, which is now prevented.
- A public-only access token used with the `/repos/{owner}/{repo}/issues/{index}/timeline` API could view comment cross-references from private repositories, which is now prevented.
- A public-only access token used with the `/teams/{id}/repos/{org}/{repo}` API could view private repositories assigned to a team, which is now prevented.
- A public-only access token used to access your own user's watched and starred repositories through the `/user/subscriptions` and `/user/starred` APIs could view private repositories, which is now prevented.
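The pattern behind these fixes, as an added sketch that is not the project's own code: a public-only token has to be checked against every repository a request touches, including one named in the form component, and list responses have to be filtered the same way. `Token`, `Repo`, `AuthorizeDependency`, `FilterVisible` and the repository names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical types and constructed sample data, not the project's own.
type Token struct{ PublicOnly bool }
type Repo struct{ Private bool }

var ErrPrivateRepo = errors.New("public-only token: private repository")
var repos = map[string]Repo{"org/public": {Private: false}, "org/private": {Private: true}}

// checkRepo rejects unknown repositories, and private ones for public-only tokens.
func checkRepo(t Token, name string) error {
	r, ok := repos[name]
	if !ok {
		return fmt.Errorf("unknown repository %q", name)
	}
	if t.PublicOnly && r.Private {
		return ErrPrivateRepo
	}
	return nil
}

// AuthorizeDependency checks the URL repository and the one named in the form.
func AuthorizeDependency(t Token, urlRepo, formRepo string) error {
	for _, name := range []string{urlRepo, formRepo} {
		if err := checkRepo(t, name); err != nil {
			return fmt.Errorf("%s: %w", name, err)
		}
	}
	return nil
}

// FilterVisible drops list entries (dependencies, starred repos) the token may not see.
func FilterVisible(t Token, names []string) []string {
	var out []string
	for _, name := range names {
		if checkRepo(t, name) == nil {
			out = append(out, name)
		}
	}
	return out
}

func main() {
	fmt.Println(AuthorizeDependency(Token{PublicOnly: true}, "org/public", "org/private"))
}
```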