langleyfoxall / laravel-nist-password-rules

🔒 Laravel validation rules that follow the password-related recommendations found in NIST Special Publication 800-63B section 5.
GNU Lesser General Public License v3.0

Additional improvements for later adoption once Laravel 9 update is merged & tested #49

Open SteJaySulli opened 2 years ago

SteJaySulli commented 2 years ago

@ziming submitted PR #44 which includes several improvements we should consider for future releases:

At the time of our most recent update we did not want to merge this as it could break support for legacy apps, but I have created this issue for reference as these are good ideas which we may wish to include in the next major version.

ziming commented 2 years ago

A side thought that I have: given that this is a security-related package, by continuing to support versions of older PHP & Laravel that no longer receive security updates, people will be less likely to update their apps, and this in turn hurts their security even more.

Hence I feel it is fair to drop EOL Laravel and PHP versions to encourage people to update to a version that at least still receives security patches.