From 9e85cc658fe091963924c6e28d6aa74716da7465 Mon Sep 17 00:00:00 2001
From: Ryan <30853424+totally-not-frito-lays@users.noreply.github.com>
Date: Mon, 23 Jun 2025 18:12:07 -0700
Subject: [PATCH 1/6] updated checkout to use gha v3 checkout instead of main

---
 .github/workflows/codeql-analysis.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index abf6932b26..dc79221a72 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -13,12 +13,12 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ 'master', 'stable*', 'v[0-9]*' ]
+    branches: [ 'main', 'stable*', 'v[0-9]*' ]
     paths-ignore:
       - webapp/public/vs/language/typescript/tsWorker.js
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [ main ]
   schedule:
     - cron: '34 6 * * 0'
 
@@ -38,10 +38,13 @@ jobs:
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
         # Learn more:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+    
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@main
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

From 6925dcee9d65786355f8b53dd9e3bd4b3533b80f Mon Sep 17 00:00:00 2001
From: Ryan <30853424+totally-not-frito-lays@users.noreply.github.com>
Date: Mon, 23 Jun 2025 18:13:38 -0700
Subject: [PATCH 2/6] updated perms to fix gha buildpush workflow

---
 .github/workflows/pxt-buildpush.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/pxt-buildpush.yml b/.github/workflows/pxt-buildpush.yml
index 954c1eaf84..c867e75693 100644
--- a/.github/workflows/pxt-buildpush.yml
+++ b/.github/workflows/pxt-buildpush.yml
@@ -9,6 +9,9 @@ on:
 
 permissions:
   contents: write
+  issues: write
+  pull-requests: write
+  actions: write
 
 jobs:
   filter-vtags:

From 6582edd6998be3323105216932dab9939c67e9cc Mon Sep 17 00:00:00 2001
From: Ryan <30853424+totally-not-frito-lays@users.noreply.github.com>
Date: Mon, 23 Jun 2025 18:21:17 -0700
Subject: [PATCH 3/6] updated perms for codeql to read contents

---
 .github/workflows/codeql-analysis.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index dc79221a72..f6468eb97b 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -22,9 +22,9 @@ on:
   schedule:
     - cron: '34 6 * * 0'
 
-  # Permissions required by OpenID Connect to access Azure.
 permissions:
   security-events: write
+  contents: read  # Required for GH_TOKEN to access repository contents
 
 jobs:
   analyze:
@@ -38,9 +38,7 @@ jobs:
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
         # Learn more:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-    
-    env:
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
 
     steps:
     - name: Checkout repository

From 43a30996e35ec4d9f65d5169777980596eb20a0a Mon Sep 17 00:00:00 2001
From: Ryan <30853424+totally-not-frito-lays@users.noreply.github.com>
Date: Mon, 23 Jun 2025 18:38:42 -0700
Subject: [PATCH 4/6] added actions read perm

---
 .github/workflows/codeql-analysis.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index f6468eb97b..5e24b49bcb 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -23,8 +23,9 @@ on:
     - cron: '34 6 * * 0'
 
 permissions:
+  contents: read
+  actions: read
   security-events: write
-  contents: read  # Required for GH_TOKEN to access repository contents
 
 jobs:
   analyze:

From 9350844a54496a0b26d7c12864b22cd94c7c1bcf Mon Sep 17 00:00:00 2001
From: Ryan <30853424+totally-not-frito-lays@users.noreply.github.com>
Date: Mon, 30 Jun 2025 07:20:32 -0700
Subject: [PATCH 5/6] removed trailing spaces

---
 webapp/src/blocks.tsx | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/webapp/src/blocks.tsx b/webapp/src/blocks.tsx
index 61f875dd63..1f6e1cafd7 100644
--- a/webapp/src/blocks.tsx
+++ b/webapp/src/blocks.tsx
@@ -619,11 +619,11 @@ export class Editor extends toolboxeditor.ToolboxEditor {
         Blockly.config.connectingSnapRadius = 96;
 
         this.editor = Blockly.inject(blocklyDiv, this.getBlocklyOptions(forceHasCategories)) as Blockly.WorkspaceSvg;
-        
+
         // Add block change listener to log block changes
         this.editor.addChangeListener((ev: any) => {
-            if (ev.type === Blockly.Events.CREATE || 
-                ev.type === Blockly.Events.DELETE || 
+            if (ev.type === Blockly.Events.CREATE ||
+                ev.type === Blockly.Events.DELETE ||
                 ev.type === Blockly.Events.CHANGE) {
                 this.logCurrentBlocks();
             }
@@ -1031,11 +1031,11 @@ export class Editor extends toolboxeditor.ToolboxEditor {
 
     private logCurrentBlocks() {
         if (!this.editor) return;
-        
+
         const blocks = this.editor.getAllBlocks(false); // Don't include child blocks
         const blockTypes = blocks.map(block => block.type);
         console.log('Current blocks in workspace:', blockTypes);
-        
+
         // Group and count block types
         const blockCounts: pxt.Map<number> = {};
         blocks.forEach(block => {
@@ -1051,10 +1051,10 @@ export class Editor extends toolboxeditor.ToolboxEditor {
 
     public getBlockTypeCounts(): pxt.Map<number> {
         if (!this.editor) return {};
-        
+
         const blocks = this.editor.getAllBlocks(false);
         const counts: pxt.Map<number> = {};
-        
+
         blocks.forEach(block => {
             counts[block.type] = (counts[block.type] || 0) + 1;
         });

From 7dae28ee8543844f3c3effebad5cd15d8bfe5083 Mon Sep 17 00:00:00 2001
From: Ryan <30853424+totally-not-frito-lays@users.noreply.github.com>
Date: Mon, 30 Jun 2025 07:26:53 -0700
Subject: [PATCH 6/6] fixed one more trailing whitespace

---
 webapp/src/blocks.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapp/src/blocks.tsx b/webapp/src/blocks.tsx
index 1f6e1cafd7..8b639986ac 100644
--- a/webapp/src/blocks.tsx
+++ b/webapp/src/blocks.tsx
@@ -1058,7 +1058,7 @@ export class Editor extends toolboxeditor.ToolboxEditor {
         blocks.forEach(block => {
             counts[block.type] = (counts[block.type] || 0) + 1;
         });
-        
+
         return counts;
     }