What shipped
All reposKey FrontendKeystoneKey Service Sites (KSL/GHK)Training Centre (STC/CPD)Key ProtosKeyflowCompany Backend (Strapi)Key Docs
All authorsJoshYG-TheKeyOwenTourlamainRhadamanthus1TheTomWardalex-wilson-the-keycpoteylunky84robin-agentsarahcthekeysnyk-io-eu[bot]
8 PRs · 3 repos · 3 contributors · 6 Jun – 6 Jul
Monday, 6 July 2026
Keystone
- Rrobin-agentKeystone's gRPC calls now have timeouts to prevent workers from hanging indefinitely on slow services, retries for transient failures, and the assignment cleanup moved off the blocking request path.#1497 — feat: PENG-3675 gRPC deadlines, retries & async assignment cleanup (supersedes #1496)
Thursday, 2 July 2026
Keystone
- Rrobin-agentAutomatically deleted orphaned training assignments when a user account is permanently removed from the system to prevent data inconsistencies.#1494 — feat(signals): PENG-3643 delete assignments when KeyUser is deleted
Wednesday, 1 July 2026
Keystone
- Llunky84User authentication now bypasses caching during password resets so that login immediately validates against the new password hash instead of stale cached credentials.#1493 — PENG-3667 fix reset password stop caching KeyUser
Friday, 26 June 2026
Keyflow
- CcpoteyEnsured the local development database doesn't restore a stale deprecated validation URL when reset, preventing authentication issues during testing.#68 — fix(db): PENG-3645 clear MYKEY authorisation_redirect_url in set-data…
Keystone
- CcpoteyRemoved a stale redirect URL from the MYKEY application record that was causing login flows to hit a deprecated endpoint instead of returning users to their intended destination.#1490 — fix(auth): PENG-3645 clear MYKEY authorisation_redirect_url via data …
Wednesday, 24 June 2026
Company Backend (Strapi)
- Rrobin-agentFixed security vulnerabilities in lodash-es and fast-xml-parser by adding dependency overrides and upgrading packages to safer versions.#68 — fix: PENG-3041 override lodash-es and upgrade fast-xml-parser to 5.x
Tuesday, 23 June 2026
Company Backend (Strapi)
- Rrobin-agentAdditional vulnerable transitive dependencies in company-backend have been patched through pnpm overrides to address remaining security vulnerabilities like prototype pollution and HTTP response splitting issues.#67 — fix: PENG-3041 override additional vulnerable transitive dependencies
- Rrobin-agentSeventy-one vulnerable transitive dependencies introduced by Strapi have been mitigated by pinning safe patched versions through pnpm overrides, addressing critical security issues while maintaining API compatibility.#66 — fix: PENG-3041 override vulnerable transitive dependencies