Read-only GraphQL query requires delete_repo

I have a GraphQL query (not a mutation) that is failing if the personal access token does not have delete_repo permission. This query used to work without this permission, and started failing some time between now and August 2020 (not sure when). Adding delete_repo makes the query work, but I don’t want to carry around that extra delete_repo permission for a read-only application.

The GraphQL query is available here. It basically gets the currently authenticated user’s followers, and a summary of their recent activity. When calling the query, I get the error message:

Something went wrong while executing your query. Please include FCAC:0796:707296:8F0DDC:5FAFA0A4 when reporting this issue.

It has something to do with when the followers are in the same organization as the authenticated user; I get back information about each non-organization follower, but only null for the users that are in the same organization. Adding delete_repo makes the query work for all followers.

As a side note, the query works fine when using the GraphQL API Explorer, maybe because the access token used for the API Explorer already has delete_repo.

I found that by adding read:discussion permission I can get rid of the delete_repo permission. Not sure what changed to start requiring that permission, especially when nothing in my query changed, but this is an acceptable permission to add. Thanks!