What shipped
All reposKey FrontendKeystoneKey Service Sites (KSL/GHK)Training Centre (STC/CPD)Key ProtosKeyflowCompany Backend (Strapi)Key Docs
All authorsJoshYG-TheKeyOwenTourlamainRhadamanthus1TheTomWardalex-wilson-the-keycpoteylunky84robin-agentsarahcthekeysnyk-io-eu[bot]
17 PRs · 4 repos · 6 contributors · 6 Jun – 6 Jul
Monday, 6 July 2026
Keystone
- Rrobin-agentKeystone's gRPC calls now have timeouts to prevent workers from hanging indefinitely on slow services, retries for transient failures, and the assignment cleanup moved off the blocking request path.#1497 — feat: PENG-3675 gRPC deadlines, retries & async assignment cleanup (supersedes #1496)
Training Centre (STC/CPD)
- Rrobin-agentThe training_centre service added timeouts and automatic retries to its gRPC calls so transient service issues don't silently break course completion flows.#1964 — feat: PENG-3675 add deadlines and native gRPC retries to service clients
- RRhadamanthus1The almanac calendar management tool was restored to the training_centre codebase after it was accidentally deleted during a code cleanup.#1965 — fix(almanac): PENG-3499 restore almanac wagtail admin
Thursday, 2 July 2026
Keystone
- Rrobin-agentAutomatically deleted orphaned training assignments when a user account is permanently removed from the system to prevent data inconsistencies.#1494 — feat(signals): PENG-3643 delete assignments when KeyUser is deleted
Training Centre (STC/CPD)
- Rrobin-agentPrevented accidental changes to SCOID identifiers on training pages once registrations exist, which was breaking the ability to sync completion data from ScormCloud.#1960 — fix: PENG-3637 prevent SCOID changes when registrations or results exist
- Llunky84Modified certificate downloads to reference training results through their unique IDs instead of a separate certificates table for better data consistency.#1962 — PENG-3540 certificates pass elearning result id
Wednesday, 1 July 2026
Keystone
- Llunky84User authentication now bypasses caching during password resets so that login immediately validates against the new password hash instead of stale cached credentials.#1493 — PENG-3667 fix reset password stop caching KeyUser
Training Centre (STC/CPD)
- Llunky84The e-learning certificate API now exposes the record ID so clients can identify which e-learning result each certificate corresponds to.#1961 — PENG-3540 certificates from record id
Monday, 29 June 2026
Training Centre (STC/CPD)
- Rrobin-agentTraining content marked as 'new' will now automatically stop appearing as new after 2 months, eliminating the need for manual updates and preventing stale content from being labeled as fresh.#1959 — feat: PENG-3652 auto-expire is_new label after 2 months
Friday, 26 June 2026
Keyflow
- CcpoteyEnsured the local development database doesn't restore a stale deprecated validation URL when reset, preventing authentication issues during testing.#68 — fix(db): PENG-3645 clear MYKEY authorisation_redirect_url in set-data…
Keystone
- CcpoteyRemoved a stale redirect URL from the MYKEY application record that was causing login flows to hit a deprecated endpoint instead of returning users to their intended destination.#1490 — fix(auth): PENG-3645 clear MYKEY authorisation_redirect_url via data …
Training Centre (STC/CPD)
- Rrobin-agentPrevented learner course completion status from reverting to incomplete when they re-access a finished ScormCloud course, ensuring consistent data between status and completion timestamps.#1957 — fix: PENG-3637 prevent status regression on ScormCloud re-access sync
- Ssnyk-io-eu[bot]Updated the PostgreSQL Docker image from version 16.11 to 16.14 to address three security vulnerabilities.#1955 — [Snyk] Security upgrade postgres from 16.11 to 16.14
Wednesday, 24 June 2026
Company Backend (Strapi)
- Rrobin-agentFixed security vulnerabilities in lodash-es and fast-xml-parser by adding dependency overrides and upgrading packages to safer versions.#68 — fix: PENG-3041 override lodash-es and upgrade fast-xml-parser to 5.x
Tuesday, 23 June 2026
Company Backend (Strapi)
- Rrobin-agentAdditional vulnerable transitive dependencies in company-backend have been patched through pnpm overrides to address remaining security vulnerabilities like prototype pollution and HTTP response splitting issues.#67 — fix: PENG-3041 override additional vulnerable transitive dependencies
- Rrobin-agentSeventy-one vulnerable transitive dependencies introduced by Strapi have been mitigated by pinning safe patched versions through pnpm overrides, addressing critical security issues while maintaining API compatibility.#66 — fix: PENG-3041 override vulnerable transitive dependencies
Training Centre (STC/CPD)
- Aalex-wilson-the-keyThe training centre service now exposes an endpoint for the orca service to retrieve elearning results data, enabling service-to-service communication with proper authentication.#1950 — chore(certificates-part-5): PENG-3540 elearning data endpoint