What shipped
All reposKey FrontendKeystoneKey Service Sites (KSL/GHK)Training Centre (STC/CPD)Key ProtosKeyflowCompany Backend (Strapi)Key Docs
All authorsJoshYG-TheKeyOwenTourlamainRhadamanthus1TheTomWardalex-wilson-the-keycpoteylunky84robin-agentsarahcthekeysnyk-io-eu[bot]
7 PRs · 2 repos · 1 contributor · 6 Jun – 6 Jul
Thursday, 2 July 2026
Key Frontend
- Rrobin-agentEnabled administrators to assign coming-soon training items in advance and fixed the My Training notification badge to exclude those items that aren't yet available.#2108 — feat: PENG-3648 make coming-soon items selectable and fix badge count
Thursday, 25 June 2026
Key Frontend
- Rrobin-agentThe expired assignment feature is now enabled in production, allowing users to see assignments marked as expired at the end of the academic year instead of overdue.#2105 — feat: enable SHOW_EXPIRED_ASSIGNMENTS in production
- Rrobin-agentAdmins assigning training courses now receive warnings when selecting courses being replaced, the extend assignment feature has been removed from the UI, and expiry messaging has been updated to reflect the new academic year-end expiration model.#2104 — feat(training): course end date restrictions and expired assignment updates
Wednesday, 24 June 2026
Company Backend (Strapi)
- Rrobin-agentFixed security vulnerabilities in lodash-es and fast-xml-parser by adding dependency overrides and upgrading packages to safer versions.#68 — fix: PENG-3041 override lodash-es and upgrade fast-xml-parser to 5.x
Tuesday, 23 June 2026
Company Backend (Strapi)
- Rrobin-agentAdditional vulnerable transitive dependencies in company-backend have been patched through pnpm overrides to address remaining security vulnerabilities like prototype pollution and HTTP response splitting issues.#67 — fix: PENG-3041 override additional vulnerable transitive dependencies
- Rrobin-agentSeventy-one vulnerable transitive dependencies introduced by Strapi have been mitigated by pinning safe patched versions through pnpm overrides, addressing critical security issues while maintaining API compatibility.#66 — fix: PENG-3041 override vulnerable transitive dependencies
Key Frontend
- Rrobin-agentSocket.IO WebSocket connections from the browser to the assistant tunnel on rentabot are now proxied through the frontend domain to avoid being blocked by Cloudflare Access restrictions.#2095 — fix: PENG-3498 proxy Socket.IO through frontend domain on rentabot