1.15.2

[v1.15.2] - 2026-02-07

Changed

• Updated psy/psysh: 0.12.18 → 0.12.19 (#51)

What's Changed

• chore(deps)(deps): bump psy/psysh from 0.12.18 to 0.12.19 by @dependabot[bot] in #51
• docs(changelog): add v1.15.2 entry for psy/psysh dependency update by @josego85 in #52

Full Changelog: v1.15.1...v1.15.2

1.15.1

[v1.15.1] - 2026-01-30

Changed

• Updated GitHub Actions dependencies:
  • actions/upload-artifact: 5.0.0 → 6.0.0
  • actions/cache: 4.2.0 → 5.0.1

Security

• Updated phpunit/phpunit: 11.5.46 → 11.5.50 (security patch)
• Updated symfony/process: 7.4.3 → 7.4.5 (security patch)

What's Changed

• chore(ci)(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #39
• chore(ci)(deps): bump actions/cache from 4.2.0 to 5.0.1 by @dependabot[bot] in #37
• chore(deps)(deps-dev): bump phpunit/phpunit from 11.5.46 to 11.5.50 by @dependabot[bot] in #47
• chore(deps)(deps): bump symfony/process from 7.4.3 to 7.4.5 by @dependabot[bot] in #48
• chore(ci)(deps): bump the github-actions group with 2 updates by @dependabot[bot] in #36
• docs(changelog): improve v1.15.1 format and categorize security updates by @josego85 in #49

Full Changelog: v1.15.0...v1.15.1

1.15.0

[v1.15.0] - 2026-01-16

Added

• Form Request validation classes for authentication endpoints (RegisterRequest, LoginRequest)
• Rate limiting on authentication endpoints (3 registrations/hour, 5 login attempts/minute)
• Security logging for authentication events (failed attempts, successful logins, registrations, logouts)
• Logout endpoint with JWT token invalidation (POST /api/v1/user/logout)
• CORS configuration environment variable (CORS_ALLOWED_ORIGINS)
• Comprehensive test suite: 59 new tests covering authentication, JWT middleware, form requests, and resources
  • AuthApiTest: Authentication flows (register, login, logout)
  • JWTMiddlewareTest: JWT token validation and error handling
  • LoginRequestTest & RegisterRequestTest: Form validation rules and messages
  • TranslationCollectionTest: Resource collection pagination
  • Enhanced coverage for TranslationController, WordController exception handling

Changed

• Refactored AuthController to use Form Request classes
• Enhanced password validation (12+ chars, mixed case, numbers, symbols, uncompromised check)
• Improved error handling with generic messages for security (prevent information leakage)
• Updated CORS configuration to be restrictive (no wildcards, specific origins only)
• Changed password confirmation field from c_password to password_confirmation (Laravel standard)
• Test coverage increased from 63.2% to 91.9% (28.7% improvement, exceeding 74% target)
• Updated Docker infrastructure dependencies:
  • PHP: 8.4.15 → 8.4.16
  • Redis: 7.4.5 → 7.4.7
  • NGINX: 1.29.3 → 1.29.4
• Updated dependencies:
  • predis/predis: 3.0.1 → 3.3.0
  • nuwave/lighthouse: 6.63.2 → 6.64.0
  • webonyx/graphql-php: 15.29.3 → 15.29.4 (indirect dependency patch update)
• Updated development dependencies:
  • rector/rector: 2.2.8 → 2.3.0
  • laravel/pint: 1.24.0 → 1.27.0
  • larastan/larastan: 3.5.0 → 3.8.1
• Migrated validation rules from pipe-separated strings to array format (Laravel 12 best practice)
• Updated Eloquent scopes visibility from public to protected (Laravel 11+ standard)
• Replaced closures with arrow functions where applicable for cleaner code
• Added #[Override] attributes to Form Request methods for type safety
• Applied Laravel Pint code style fixes for arrow function spacing
• Cleaned up PHPStan configuration (removed obsolete error suppressions)
• CI workflow: Updated composer validation to suppress version constraint warnings (--no-check-all)
• CI workflow: Added JWT secret generation in test environment to fix authentication tests
• Enhanced SecurityHeaders middleware test coverage (6 comprehensive test cases)

Security

• Implemented restrictive CORS policy (configurable allowed origins)
• Added comprehensive rate limiting to prevent brute force attacks
• Enhanced password complexity requirements (12+ characters, mixed case, numbers, symbols)
• Sanitized error messages to prevent user enumeration and information disclosure
• Added security event logging for audit trails
• Implemented HTTP security headers middleware (HSTS, X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy)
• Upgraded Spatie CSP from v2.10.3 to v3.21.0 with strict deny-by-default policy (default-src 'none')

Removed

• Deleted tests/Feature/ExampleTest.php (replaced with production-ready test suite)

What's Changed

• Feat/security by @josego85 in #40

Full Changelog: v1.14.2...v1.15.0

1.14.2

[v1.14.2] - 2026-01-04

Changed

• Updated GitHub Actions dependencies for improved CI/CD security and performance:
  • actions/dependency-review-action: 4.3.4 → 4.8.2
  • github/codeql-action: 4.31.2 → 4.31.8
  • actions/checkout: 6.0.0-pre.beta → 6.0.0
• Updated Composer dependencies:
  • nuwave/lighthouse: 6.62.0 → 6.63.1 (GraphQL server)
  • league/commonmark: 2.7.1 → 2.8.0 (Markdown parser)
  • Multiple Symfony components upgraded to 7.4.0:
    • symfony/console, symfony/http-kernel, symfony/http-foundation
    • symfony/mailer, symfony/routing, symfony/process
    • symfony/finder, symfony/mime, symfony/translation
    • symfony/css-selector, symfony/error-handler, symfony/uid, symfony/var-dumper, symfony/clock
  • BREAKING: Symfony 8.0 components:
    • symfony/event-dispatcher: 7.3.3 → 8.0.0
    • symfony/string: 7.3.4 → 8.0.0

What's Changed

• chore(ci)(deps): bump the github-actions group across 1 directory with 2 updates by @dependabot[bot] in #32
• chore(ci)(deps): bump actions/checkout from 6.pre.beta to 6.0.0 by @dependabot[bot] in #23
• chore(deps)(deps): bump nuwave/lighthouse from 6.62.0 to 6.63.1 by @dependabot[bot] in #29
• chore(deps): update dependencies by @josego85 in #33

Full Changelog: v1.14.1...v1.14.2

v1.14.1

[v1.14.1] - 2025-11-28

Added

• CI/CD pipeline with GitHub Actions (security audit, tests with 74% coverage, code style, static analysis)
• Dependabot configuration for automated dependency updates
• GitHub templates (Issue templates, PR template)
• CONTRIBUTING.md with contribution guidelines
• Composer scripts: composer ci, composer test, composer pint-test, composer phpstan, composer rector-check
• New development dependency: webmozart/assert 1.12.1
• Feature tests for Translation API endpoints (8 tests covering CRUD operations)
• Feature tests for Word API endpoints (10 tests covering CRUD operations and search)
• Unit tests for CacheService (7 tests for cache operations and key generation)
• Unit tests for Translation model (2 tests for relationships and scopes)
• Unit tests for TranslationService (10 tests for service layer logic)
• Unit tests for Word model (5 tests for relationships and scopes)
• Unit tests for WordService (10 tests for service layer logic)
• Code coverage report generation with composer test-coverage (HTML report in /coverage)
• XDEBUG_MODE=coverage configuration for accurate code coverage metrics
• Coverage directory added to .gitignore

Changed

• Updated README.md with CI and Codecov badges
• Updated development dependencies:
  • driftingly/rector-laravel: 2.0.5 → 2.1.3
  • rector/rector: 2.1.2 → 2.2.8
• Updated composer dependencies:
  • brick/math: 0.14.0 → 0.14.1
  • laravel/prompts: 0.3.7 → 0.3.8
  • laravel/serializable-closure: 2.0.6 → 2.0.7
  • nette/utils: 4.0.8 → 4.0.9
• Modified rector-check composer script to continue on errors (|| true)
• Updated PHPStan configuration to ignore false positives from JWTAuth facade methods
• Removed --strict flag from composer validate in CI workflow to allow exact version constraints (application best practice)
• Updated HTTP status codes for REST API compliance:
  • POST endpoints now return 201 Created instead of 200 OK
  • DELETE endpoints now return 204 No Content instead of 200 OK
• Updated validation rules in FormRequests:
  • StoreTranslationRequest: Changed from spanish_word/german_word to language/translation fields
  • UpdateTranslationRequest: Renamed validation field from translation to translation_id to avoid conflicts
  • StoreWordRequest: Added required validation for english_word field
• Updated CI/CD coverage threshold from 85% to 74% to match current coverage metrics
• Standardized all code comments to use proper English capitalization (e.g., "English" instead of "english")
• Updated test expectations to return 422 (Unprocessable Entity) instead of 404 for validation failures on non-existent IDs
• Modified .gitignore to properly exclude /coverage directory

Refactored

• Applied Laravel Pint code style formatting to WordResource and WordRepository
• Simplified WordServiceTest:
  • Removed unnecessary database transaction mocks
  • Cleaned up unused imports
  • Updated test methods to align with current service implementation
  • Improved test clarity and maintainability
• Improved TranslationCollection to handle both CursorPaginator and LengthAwarePaginator types
• Fixed factory usage in WordApiTest to avoid unique constraint violations
• Enhanced Mockery test expectations in TranslationServiceTest to handle setAttribute() calls

Fixed

• Fixed markdownlint warnings in CHANGELOG.md (blank lines around headings, lists, and code blocks)
• Fixed Mockery errors in unit tests by adding shouldReceive('setAttribute') expectations
• Fixed type error in TranslationCollection::buildCursorLinks() by adding paginator type check
• Fixed unique constraint violations in factory-generated test data
• Fixed TranslationService comment from "Delete a english word" to "Delete a translation"
• Corrected all lowercase language references in PHPDoc comments (english → English)
• Fixed test coverage command to include XDEBUG_MODE environment variable
• Fixed git safe directory warning for Docker environment

Test Coverage

• Overall coverage: 74.82% lines, 80.91% methods, 66.67% classes
• 100% coverage on critical components: Models, Services, Repositories, Form Requests
• 60 tests with 213 assertions, all passing

What's Changed

• docs: update changelog by @josego85 in #19
• chore(ci): add GitHub Actions CI/CD pipeline and development tooling by @josego85 in #20

Full Changelog: v1.14.0...v1.14.1

v1.14.0

[v1.14.0] - 2025-11-21

Changed

• BREAKING: Replaced cursor-based pagination with offset pagination in GET /api/v1/words
  • Removed cursor parameter, added page parameter
  • Changed from CursorPaginator to LengthAwarePaginator
  • Removed cursor pagination links from response
• BREAKING: Normalized translations table structure
  • Changed from multiple language columns (spanish_word, german_word) to single row per translation with language and translation columns
  • Added migration to safely migrate existing data
  • Supports unlimited languages via ISO 639-1 codes (en, es, de, fr, etc)
• BREAKING: Updated API response format in WordResource
  • Changed english_word field to word
  • Added translations array with simplified structure (removed id, word_id, created_at, updated_at from translations)
  • Translations now only include language and translation fields
• Upgraded Laravel framework from v12.20.0 to v12.39.0.
• Upgraded PHP-FPM from 8.4.10 to 8.4.15
• Updated Node.js version in Dockerfile from 22.17.0 to 22.21.1
• Updated MySQL Docker image from 8.4.5 to 8.4.7
• Updated Nginx Docker image from 1.25.0 to 1.29.3

Added

• Added search functionality to GET /api/v1/words endpoint
  • New search query parameter for filtering words
  • Searches across English words and all translations
• Added WordFactory and TranslationFactory for testing and seeding
• Added comprehensive WordSeeder with 25 technical terms and translations
• Added helper methods to Word model:
  • getTranslation(string $language): ?Translation - Get translation for specific language
  • setTranslation(string $language, string $translation): Translation - Update or create translation
  • scopeSearch(string $search) - Search scope for querying words and translations
• Added scopeLanguage query scope to Translation model
• GraphQL enhancements:
  • Added DateTime scalar type definition in schema
  • Added pagination support to words query with first and page parameters
  • Added search functionality to GraphQL words query using @scope directive
  • Added filter parameters to translations query (language, word_id)
  • Added translationsByLanguage query for fetching translations by specific language
  • Added timestamps (created_at, updated_at) to Word and Translation GraphQL types
  • Updated Translation type with normalized structure (language and translation fields)

Improved

• Docker Compose Profiles: Implemented profile-based architecture for optional development tools in docker-compose.override.yml
  • Added quality profile for SonarQube (code quality analysis) and Sonar Scanner cli
  • Added tools profile for enabling all optional tools at once
  • Optimized default development startup by making resource-intensive tools opt-in
  • Enhanced developer experience with faster startup times for daily development

Documentation

• Updated docs/guides/rest.md with new pagination structure and search examples
• Updated docs/guides/graphql.md with:
  • Altair GraphQL Client browser extension installation instructions
  • New query examples for pagination and search
  • Updated schema documentation with normalized translation structure
  • Added examples for filtering translations by language
• All documentation now reflects the normalized database structure and new API features

Fixed

• Fixed PHPStan static analysis errors:
  • Updated TranslationController to use offset pagination (page instead of cursor)
  • Updated TranslationResource to use normalized fields (language, translation)
  • Added explicit type hint for Translation model in WordResource closure
  • Fixed WordRepository::update() to use Eloquent's update() method and fresh() for refreshed model
  • Updated TranslationService, TranslationRepository, and TranslationRepositoryInterface to use offset pagination
  • Updated TranslationService create/update methods to use normalized structure

Removed

• Removed CursorPaginationLinks trait and cursor pagination support
• Removed spanish_word and german_word columns from translations table
• Removed deprecated updateAttributes() method usage

What's Changed

• build(deps-dev): bump vite from 7.1.5 to 7.1.12 by @dependabot[bot] in #17
• feat!: Normalize translations schema and add search functionality (v1.14.0) by @josego85 in #18

Full Changelog: v1.13.2...v1.14.0

v1.13.2

[v1.13.2] - 2025-09-14

Fixed

• Upgraded axios to version >=1.12.0 to address high-severity DoS vulnerability (GHSA-4hjh-wcwx-xvwj).
• Upgraded vite to version >7.0.6 to resolve vulnerabilities related to middleware serving files with the same name as the public directory (GHSA-g4jq-h2w9-997c) and server.fs settings not being applied to HTML files (GHSA-jqfw-vq24-v9c3).
• Ran npm audit fix to address all reported vulnerabilities, resulting in 0 vulnerabilities.

Full Changelog: v1.13.1...v1.13.2

v1.13.1

[v1.13.1] - 2025-07-24

Added

• Added Rector development dependency to the project for automated code refactoring.
• Added documentation about Rector usage and configuration (rector.md).

Changed

• Ran Rector to improve code quality:
  • Added #[\Override] attribute to applicable overridden methods automatically.
  • Added readonly keyword to constructor-promoted properties that are only assigned once and never mutated.
  • Added explicit type declarations (e.g., int) to class constants for improved type safety and clarity.
  • Refactored service container bindings to use arrow functions (fn) for more concise syntax (e.g., CacheService singleton binding).
  • Updated catch blocks to omit unused exception variables using PHP 8 syntax for cleaner exception handling.
  • Added explicit string casting when calling explode() on environment variables to ensure type safety and prevent runtime errors.
  • Updated conditional checks to verify that variables are instances of expected classes (e.g., $updated instanceof \App\Models\Word) for improved type safety.
  • Changed empty check on arrays to strict comparison ($guards === []) for more precise logic handling.

v1.13.0

[v1.13.0] - 2025-07-17

Added

• Integrated GraphQL support for querying Word and Translation entities.
• Added GraphQL types for Word and Translation models.
• Implemented GraphQL queries:
  • words and word(id: ID!) to fetch English words.
  • translations and translation(id: ID!) to fetch Spanish and German translations.
  • Query to fetch translations by word ID.
• Added GraphQL schema definitions including types and query declarations (no custom resolvers).
• Added Xdebug support for PHP debugging.
• Added Nginx container as a web server for the PHP-FPM service.
• Added index, show, update, store, and destroy methods to TranslationController.
• Added custom FormRequest classes for validation in translation and word endpoints.
• Added service and repository layers for managing Translation logic.
• Added entrypoint.sh script to set proper permissions for Laravel storage and bootstrap folders.
• Added Laravel Pint configuration.
• Added Composer commands:
  • "pint-test": "./vendor/bin/pint --config=pint.json --test"
  • "pint": "./vendor/bin/pint --config=pint.json"

Changed

• Updated README.md:
  • Refreshed version badges.
• Updated TODO.md with completed and pending tasks.

Fixed

• Fixed logic in index, show, update, store, and destroy methods in WordController.
• Refactored word and translation request validation using custom FormRequest classes.
• Fixed implementation in Word service and repository layers.
• Fixed type casting issues:
  • Converted route parameter word from string to int in controller before passing to service.
  • Converted route parameter translation from string to int in controller before passing to service.
  • Updated IndexRequest::getCursor() to return a ?string instead of a Stringable.
• Removed duplicate Xdebug extension line in xdebug.ini that caused the extension to load twice.
• Fixed incorrect PHPStan configuration:
  • Updated phpstan.neon to reference vendor/larastan/larastan/extension.neon.

Refactored

• Used PHPStan to refactor and improve code quality in TranslationService.
• Refactored codebase using Laravel Pint with its configuration.

Updated

• Updated package laravel/pint from version v1.11.0 to v1.24.0.

Removed

• Removed package laravel/sail.

Replaced

• Replaced abandoned package nunomaduro/larastan with larastan/larastan.

v1.12.3

[v1.12.3] - 2025-07-14

Added

• Integrated PHPStan for static code analysis.

Changed

• Executed PHPStan and made several improvements to comply with static analysis standards and Laravel best practices.
• Updated docs/guides/setup.md:
  • Added php artisan jwt:secret setup step.
  • Noted the required .env variable JWT_SECRET=.

Fixed

• Refactored the method signature of getAllWordsWithTranslations() in the WordRepository:
  • Removed the default value from the $perPage parameter to avoid deprecated parameter order issues in PHP 8+.
• Improved the translations relationship in the Word model:
  • Added missing import for the Translation model.
  • Added PHPDoc annotations to improve Larastan compatibility and IDE autocompletion.
• Resolved property access warnings in WordResource:
  • Added @mixin \App\Models\Word annotation to inform static analyzers of the underlying model.
  • Explicitly typed the $translation variable to help PHPStan infer the correct model and avoid false positives.
• Fixed return type in WordCollection::toArray():
  • Converted the collection to a plain array using $this->collection->all() to satisfy PHPStan's type expectations.
• Updated PHPDoc types of $fillable and $hidden in User model to use list<string> to comply with Laravel base model definition and fix PHPStan covariance warnings.
• Fixed docs/api/README.md:
  • Clarified authentication endpoints