What shipped
All reposKey FrontendKeystoneKey Service Sites (KSL/GHK)Training Centre (STC/CPD)Key ProtosKeyflowCompany Backend (Strapi)Key Docs
All authorsJoshYG-TheKeyOwenTourlamainRhadamanthus1TheTomWardalex-wilson-the-keycpoteylunky84robin-agentsarahcthekeysnyk-io-eu[bot]
16 PRs · 6 repos · 1 contributor · 6 Jun – 6 Jul
Monday, 6 July 2026
Key Service Sites (KSL/GHK)
- Rrobin-agentThe key_service_sites microservice now applies timeouts to all gRPC calls including page-rendering operations, preventing worker threads from getting stuck waiting for unresponsive backend services.#1983 — feat: PENG-3675 gRPC deadlines, 16MB limits, and django-q task retries
Keystone
- Rrobin-agentKeystone's gRPC calls now have timeouts to prevent workers from hanging indefinitely on slow services, retries for transient failures, and the assignment cleanup moved off the blocking request path.#1497 — feat: PENG-3675 gRPC deadlines, retries & async assignment cleanup (supersedes #1496)
Training Centre (STC/CPD)
- Rrobin-agentThe training_centre service added timeouts and automatic retries to its gRPC calls so transient service issues don't silently break course completion flows.#1964 — feat: PENG-3675 add deadlines and native gRPC retries to service clients
Thursday, 2 July 2026
Key Frontend
- Rrobin-agentEnabled administrators to assign coming-soon training items in advance and fixed the My Training notification badge to exclude those items that aren't yet available.#2108 — feat: PENG-3648 make coming-soon items selectable and fix badge count
Key Protos
- Rrobin-agentIncluded the publication status of training items in API responses so downstream services can see whether items are published or coming-soon.#117 — feat: PENG-3648 add status field to HydratedTrainingItem
Keystone
- Rrobin-agentAutomatically deleted orphaned training assignments when a user account is permanently removed from the system to prevent data inconsistencies.#1494 — feat(signals): PENG-3643 delete assignments when KeyUser is deleted
Training Centre (STC/CPD)
- Rrobin-agentPrevented accidental changes to SCOID identifiers on training pages once registrations exist, which was breaking the ability to sync completion data from ScormCloud.#1960 — fix: PENG-3637 prevent SCOID changes when registrations or results exist
Monday, 29 June 2026
Training Centre (STC/CPD)
- Rrobin-agentTraining content marked as 'new' will now automatically stop appearing as new after 2 months, eliminating the need for manual updates and preventing stale content from being labeled as fresh.#1959 — feat: PENG-3652 auto-expire is_new label after 2 months
Friday, 26 June 2026
Training Centre (STC/CPD)
- Rrobin-agentPrevented learner course completion status from reverting to incomplete when they re-access a finished ScormCloud course, ensuring consistent data between status and completion timestamps.#1957 — fix: PENG-3637 prevent status regression on ScormCloud re-access sync
Thursday, 25 June 2026
Key Frontend
- Rrobin-agentThe expired assignment feature is now enabled in production, allowing users to see assignments marked as expired at the end of the academic year instead of overdue.#2105 — feat: enable SHOW_EXPIRED_ASSIGNMENTS in production
- Rrobin-agentAdmins assigning training courses now receive warnings when selecting courses being replaced, the extend assignment feature has been removed from the UI, and expiry messaging has been updated to reflect the new academic year-end expiration model.#2104 — feat(training): course end date restrictions and expired assignment updates
Wednesday, 24 June 2026
Company Backend (Strapi)
- Rrobin-agentFixed security vulnerabilities in lodash-es and fast-xml-parser by adding dependency overrides and upgrading packages to safer versions.#68 — fix: PENG-3041 override lodash-es and upgrade fast-xml-parser to 5.x
Key Service Sites (KSL/GHK)
- Rrobin-agentMade text and messaging updates to the website for ticket 3635 to improve user-facing copy.#1978 — 3635 copy tweaks
Tuesday, 23 June 2026
Company Backend (Strapi)
- Rrobin-agentAdditional vulnerable transitive dependencies in company-backend have been patched through pnpm overrides to address remaining security vulnerabilities like prototype pollution and HTTP response splitting issues.#67 — fix: PENG-3041 override additional vulnerable transitive dependencies
- Rrobin-agentSeventy-one vulnerable transitive dependencies introduced by Strapi have been mitigated by pinning safe patched versions through pnpm overrides, addressing critical security issues while maintaining API compatibility.#66 — fix: PENG-3041 override vulnerable transitive dependencies
Key Frontend
- Rrobin-agentSocket.IO WebSocket connections from the browser to the assistant tunnel on rentabot are now proxied through the frontend domain to avoid being blocked by Cloudflare Access restrictions.#2095 — fix: PENG-3498 proxy Socket.IO through frontend domain on rentabot