v1.4.1 deviates from the javscript version of zxcvbn

[JohanMouritsen]

in this commit:
603e015
the regex for checking if a recent year is in the password was changed to include future and more present years.
While this is probably better, it is not in line with the original zxcvbn library:
https://github.com/dropbox/zxcvbn/blob/67c4ece9efc40c9d0a1d7d995b2b22a91be500c2/src/matching.coffee#L38

As such if you rely on both your front and backend to do these checks, then a password like this:
xvjcz2025
is a 2 on the php version, but a 3 on the javascript version.

[mkopinsky]

The javascript library hasn't been updated in many years. While we do aim to match the scoring from the upstream, there are limits to where that makes sense and I think this is one of them.