rollerworks · sstok · Nov 28, 2025 · Nov 28, 2025 · Nov 28, 2025 · Nov 28, 2025
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -17,12 +17,12 @@ jobs:
         strategy:
             matrix:
                 php-version:
-                    - '8.2'
+                    - '8.4'
 
         steps:
             -
                 name: 'Check out'
-                uses: 'actions/checkout@v2'
+                uses: 'actions/checkout@v4'
 
             -
                 name: 'Set up PHP'
@@ -34,13 +34,13 @@ jobs:
             -
                 name: 'Get Composer cache directory'
                 id: 'composer-cache'
-                run: 'echo "::set-output name=cache-dir::$(composer config cache-files-dir)"'
+                run: 'echo "cache_dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT'
 
             -
                 name: 'Cache dependencies'
-                uses: 'actions/cache@v2'
+                uses: 'actions/cache@v3'
                 with:
-                    path: '${{ steps.composer-cache.outputs.cache-dir }}'
+                    path: '${{ steps.composer-cache.outputs.cache_dir }}'
                     key: "php-${{ matrix.php-version }}-composer-locked-${{ hashFiles('composer.lock') }}"
                     restore-keys: 'php-${{ matrix.php-version }}-composer-locked-'
 
@@ -60,12 +60,12 @@ jobs:
         strategy:
             matrix:
                 php-version:
-                    - '8.2'
+                    - '8.4'
 
         steps:
             -
                 name: 'Check out'
-                uses: 'actions/checkout@v2'
+                uses: 'actions/checkout@v4'
 
             -
                 name: 'Set up PHP'
@@ -77,13 +77,13 @@ jobs:
             -
                 name: 'Get Composer cache directory'
                 id: 'composer-cache'
-                run: 'echo "::set-output name=cache-dir::$(composer config cache-files-dir)"'
+                run: 'echo "cache_dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT'
 
             -
                 name: 'Cache dependencies'
-                uses: 'actions/cache@v2'
+                uses: 'actions/cache@v3'
                 with:
-                    path: '${{ steps.composer-cache.outputs.cache-dir }}'
+                    path: '${{ steps.composer-cache.outputs.cache_dir }}'
                     key: "php-${{ matrix.php-version }}-composer-locked-${{ hashFiles('composer.lock') }}"
                     restore-keys: 'php-${{ matrix.php-version }}-composer-locked-'
 
@@ -104,23 +104,14 @@ jobs:
             matrix:
                 include:
                     -
-                        php-version: '8.2'
+                        php-version: '8.4'
                         composer-options: '--prefer-stable'
-                        symfony-version: '6.3'
-                    -
-                        php-version: '8.2'
-                        composer-options: '--prefer-stable'
-                        symfony-version: '^6.4'
-
-                    -
-                        php-version: '8.2'
-                        composer-options: '--prefer-stable'
-                        symfony-version: '^7.0'
+                        symfony-version: '^8.0'
 
         steps:
             -
                 name: 'Check out'
-                uses: 'actions/checkout@v2'
+                uses: 'actions/checkout@v4'
 
             -
                 name: 'Set up PHP'
@@ -132,13 +123,13 @@ jobs:
             -
                 name: 'Get Composer cache directory'
                 id: 'composer-cache'
-                run: 'echo "::set-output name=cache-dir::$(composer config cache-files-dir)"'
+                run: 'echo "cache_dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT'
 
             -
                 name: 'Cache dependencies'
-                uses: 'actions/cache@v2'
+                uses: 'actions/cache@v3'
                 with:
-                    path: '${{ steps.composer-cache.outputs.cache-dir }}'
+                    path: '${{ steps.composer-cache.outputs.cache_dir }}'
                     key: "php-${{ matrix.php-version }}-composer-locked-${{ hashFiles('composer.lock') }}"
                     restore-keys: 'php-${{ matrix.php-version }}-composer-locked-'
 
@@ -159,4 +150,4 @@ jobs:
             -
                 name: 'Run tests'
                 run: |
-                    vendor/bin/simple-phpunit
+                    vendor/bin/phpunit
diff --git a/.gitignore b/.gitignore
@@ -6,3 +6,4 @@
 symfony.lock
 .phpunit.result.cache
 .php-cs-fixer.cache
+.phpunit.cache
diff --git a/Makefile b/Makefile
@@ -8,7 +8,7 @@ install:
 	composer install --no-progress --no-interaction --no-suggest --optimize-autoloader --prefer-dist --ansi
 
 test:
-	vendor/bin/simple-phpunit --verbose
+	vendor/bin/phpunit
 
 # Linting tools
 phpstan: ensure

diff --git a/README.md b/README.md
@@ -25,7 +25,13 @@ for you.
 
 ## Requirements
 
-You need at least PHP PHP 8.2 and Symfony 6, mbstring is recommended but not required.
+You need at least PHP PHP 8.4 and Symfony 8, mbstring is recommended but not required.
+
+> [!NOTE]  
+> 
+> This package requires PHP 8.4 or higher and Symfony 8 or higher.
+> 
+> If you need support for older Symfony versions, use the [2.0 branch](https://github.com/rollerworks/PasswordStrengthValidator/tree/2.0).
 
 ## Basic Usage
 

diff --git a/UPGRADE.md b/UPGRADE.md
@@ -1,23 +1,30 @@
 UPGRADE
 =======
 
-## Upgrade from 1.7 to 2.0
+## Upgrade from 2.x to 3.0
 
-* The blacklist validator was removed.
+* Support for Symfony 6 and 7 was removed, PHP 8.4 and Symfony 8.0 is now the minimum required version.
 
-  Use the [NotCompromisedPassword](https://symfony.com/doc/current/reference/constraints/NotCompromisedPassword.html)
-  validator or [PasswordCommonList Validator](https://github.com/rollerworks/password-common-list) instead.
+* The constraints constructor was changed to better support the new Symfony validator.
 
-* The PwnedPassword validator was removed in favor of the Symfon
-  [NotCompromisedPassword](https://symfony.com/doc/current/reference/constraints/NotCompromisedPassword.html) validator.
+    * The required options are now the first arguments, and must have a value.
+    * Passing options as an array is no longer supported, use named arguments instead.
 
-* Support for Symfony 4 and 5 was removed, PHP 8.2 and Symfony 6.0 is now the minimum required version.
+  ```diff
+  - new PasswordRequirements(['minLength' => 8]);
+  + new PasswordRequirements(minLength: 8);
+  ```
 
-## Upgrade from 1.6 to 1.7
+  ```diff
+  - new PasswordStrength([minStrength' => 4]);
+  + new PasswordStrength(minStrength: 4);
+  ```
 
-* The blacklist validator was deprecated in favor of the [PasswordCommonList Validator](https://github.com/rollerworks/password-common-list).
-
-## Upgrade from 1.3 to 1.4
-
-* The PwnedPassword validator is deprecated in favor of the Symfony [NotCompromisedPassword](https://symfony.com/doc/current/reference/constraints/NotCompromisedPassword.html) validator
+* Support for annotation mapping was removed.
 
+    ```diff
+    -/**
+    - * @RollerworksPassword\PasswordStrength(minLength=7)
+    - */
+    +#[PasswordStrength(minLength: 7)]
+    ```
diff --git a/composer.json b/composer.json
@@ -19,18 +19,16 @@
         }
     ],
     "require": {
-        "php": ">=8.2",
-        "symfony/config": "^6.0 || ^7.0",
+        "php": ">=8.4",
+        "symfony/config": "^8.0",
         "symfony/polyfill-mbstring": "^1.5.0",
-        "symfony/translation": "^6.0 || ^7.0",
-        "symfony/validator": "^6.0 || ^7.0"
+        "symfony/translation": "^8.0",
+        "symfony/validator": "^8.0"
     },
     "require-dev": {
-        "phpstan/phpstan": "^1.10",
-        "phpstan/phpstan-phpunit": "^1.1",
-        "phpstan/phpstan-symfony": "^1.2",
-        "phpunit/phpunit": "^9.5",
-        "symfony/phpunit-bridge": "^6.0 || ^7.0"
+        "phpunit/phpunit": "^12.4",
+        "symfony/phpunit-bridge": "^8.0",
+        "rollerscapes/standards": "^1.0"
     },
     "minimum-stability": "dev",
     "prefer-stable": true,
@@ -52,7 +50,7 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-main": "2.0-dev"
+            "dev-main": "3.0-dev"
         }
     }
 }
diff --git a/docs/requirements-validation.md b/docs/requirements-validation.md
@@ -29,9 +29,9 @@ You can customize the validation error messages with the following:
 | missingNumbersMessage          | _'Your password must include at least one number.'_               |
 | missingSpecialCharacterMessage | _'Your password must contain at least one special character.'_    |
 
-## Annotations
+## Attributes
 
-If you are using annotations for validation, include the constraints namespace:
+If you are using attributes for validation, include the constraints namespace:
 
 ```php
 use Rollerworks\Component\PasswordStrength\Validator\Constraints as RollerworksPassword;
@@ -40,8 +40,6 @@ use Rollerworks\Component\PasswordStrength\Validator\Constraints as RollerworksP
 and then add the PasswordRequirements constraint to the relevant field:
 
 ```php
-/**
- * @RollerworksPassword\PasswordRequirements(requireLetters=true, requireNumbers=true, requireCaseDiff=true)
- */
+#[PasswordRequirements(requireLetters: true, requireNumbers: true, requireCaseDiff: true)]
 protected $password;
 ```
diff --git a/docs/strength-validation.md b/docs/strength-validation.md
@@ -34,9 +34,9 @@ constraint with the following options.
 | unicodeEquality | `bool`   | Consider characters from other scripts (unicode) as equal (default: `false`).           |
 |                 |          | When set to false `²` will seen as a special character rather then 2 in another script. |
 
-## Annotations
+## Attributes
 
-If you are using annotations for validation, include the constraints namespace:
+If you are using attributes for validation, include the constraints namespace:
 
 ```php
 use Rollerworks\Component\PasswordStrength\Validator\Constraints as RollerworksPassword;
@@ -45,8 +45,6 @@ use Rollerworks\Component\PasswordStrength\Validator\Constraints as RollerworksP
 and then add the PasswordStrength constraint to the relevant field:
 
 ```php
-/**
- * @RollerworksPassword\PasswordStrength(minLength=7, minStrength=3)
- */
+#[PasswordStrength(minLength: 7, minStrength: 3)]
 protected $password;
 ```
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
@@ -1,13 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
+<!-- https://phpunit.de/manual/current/en/appendixes.configuration.html -->
 <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-        xsi:noNamespaceSchemaLocation="vendor/phpunit/phpunit/phpunit.xsd"
-         backupGlobals="false"
-         colors="true"
+         xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/12.4/phpunit.xsd"
          bootstrap="vendor/autoload.php"
-         beStrictAboutTestsThatDoNotTestAnything="false"
          beStrictAboutOutputDuringTests="true"
-         beStrictAboutTodoAnnotatedTests="true"
+         displayDetailsOnTestsThatTriggerWarnings="true"
+         failOnWarning="true"
+         colors="true"
+         cacheDirectory=".phpunit.cache"
 >
     <php>
         <ini name="error_reporting" value="-1"/>
@@ -26,17 +27,16 @@
         </testsuite>
     </testsuites>
 
-    <coverage>
+    <coverage />
+
+    <source>
         <include>
             <directory>src/</directory>
         </include>
         <exclude>
+            <directory>src/Resources/</directory>
             <directory>vendor/</directory>
             <directory>tests/</directory>
         </exclude>
-    </coverage>
-
-    <listeners>
-        <listener class="Symfony\Bridge\PhpUnit\SymfonyTestsListener" />
-    </listeners>
+    </source>
 </phpunit>
diff --git a/src/Validator/Constraints/PasswordRequirements.php b/src/Validator/Constraints/PasswordRequirements.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /*
  * This file is part of the RollerworksPasswordStrengthValidator package.
  *
@@ -13,53 +15,23 @@
 
 use Symfony\Component\Validator\Constraint;
 
-/**
- * @Annotation
- *
- * @Target({"PROPERTY", "METHOD", "ANNOTATION"})
- */
 #[\Attribute(\Attribute::TARGET_PROPERTY | \Attribute::TARGET_METHOD | \Attribute::IS_REPEATABLE)]
 class PasswordRequirements extends Constraint
 {
-    public string $tooShortMessage = 'Your password must be at least {{length}} characters long.';
-    public string $missingLettersMessage = 'Your password must include at least one letter.';
-    public string $requireCaseDiffMessage = 'Your password must include both upper and lower case letters.';
-    public string $missingNumbersMessage = 'Your password must include at least one number.';
-    public string $missingSpecialCharacterMessage = 'Your password must contain at least one special character.';
-
-    public int $minLength = 6;
-    public bool $requireLetters = true;
-    public bool $requireCaseDiff = false;
-    public bool $requireNumbers = false;
-    public bool $requireSpecialCharacter = false;
-
     public function __construct(
-        mixed $options = null,
+        public string $tooShortMessage = 'Your password must be at least {{length}} characters long.',
+        public string $missingLettersMessage = 'Your password must include at least one letter.',
+        public string $requireCaseDiffMessage = 'Your password must include both upper and lower case letters.',
+        public string $missingNumbersMessage = 'Your password must include at least one number.',
+        public string $missingSpecialCharacterMessage = 'Your password must contain at least one special character.',
+        public int $minLength = 6,
+        public bool $requireLetters = true,
+        public bool $requireCaseDiff = false,
+        public bool $requireNumbers = false,
+        public bool $requireSpecialCharacter = false,
         ?array $groups = null,
         mixed $payload = null,
-        ?int $minLength = null,
-        ?bool $requireLetters = null,
-        ?bool $requireCaseDiff = null,
-        ?bool $requireNumbers = null,
-        ?bool $requireSpecialCharacter = null,
-        ?string $tooShortMessage = null,
-        ?string $missingLettersMessage = null,
-        ?string $requireCaseDiffMessage = null,
-        ?string $missingNumbersMessage = null,
-        ?string $missingSpecialCharacterMessage = null
     ) {
-        parent::__construct($options ?? [], $groups, $payload);
-
-        $this->tooShortMessage = $tooShortMessage ?? $this->tooShortMessage;
-        $this->missingLettersMessage = $missingLettersMessage ?? $this->missingLettersMessage;
-        $this->requireCaseDiffMessage = $requireCaseDiffMessage ?? $this->requireCaseDiffMessage;
-        $this->missingNumbersMessage = $missingNumbersMessage ?? $this->missingNumbersMessage;
-        $this->missingSpecialCharacterMessage = $missingSpecialCharacterMessage ?? $this->missingSpecialCharacterMessage;
-
-        $this->minLength = $minLength ?? $this->minLength;
-        $this->requireLetters = $requireLetters ?? $this->requireLetters;
-        $this->requireCaseDiff = $requireCaseDiff ?? $this->requireCaseDiff;
-        $this->requireNumbers = $requireNumbers ?? $this->requireNumbers;
-        $this->requireSpecialCharacter = $requireSpecialCharacter ?? $this->requireSpecialCharacter;
+        parent::__construct($groups, $payload);
     }
 }
diff --git a/src/Validator/Constraints/PasswordRequirementsValidator.php b/src/Validator/Constraints/PasswordRequirementsValidator.php
@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 /*
  * This file is part of the RollerworksPasswordStrengthValidator package.
  *