Fix changelog breaking changes notice (#961)

mdmower-csnw · web-flow · commit 4c5ebc19de74 · 2024-09-02T16:45:41.000-04:00
The breaking change included in entry (2024-08-31) was not added
correctly. Fix it.
diff --git a/CHANGE_HISTORY.md b/CHANGE_HISTORY.md
@@ -7,16 +7,25 @@
 
 ### breaking change
 
-* by defaulting to `true` when not defined by the user.
-
-Add tests:
-1. Make sure `AjvOptions` sets the value appropriately based on whether
-   the end user defined `allErrors` or not.
-2. When validating requests, make sure the number of errors reported
-   (when multiple occur) is 1 when `allErrors` is `false`.
-
-The `allErrors` configuration for OpenAPISchemaValidator is not changed
-by this commit since that validation is for trusted content.
+By default, request and response validation now stops after the first failure. Only one error will be reported even when multiple may exist. This follows best practices from AJV:
+- [Security risks of trusted schemas](https://ajv.js.org/security.html#security-risks-of-trusted-schemas)
+- [`allErrors` option](https://ajv.js.org/options.html#allerrors)
+
+To report all validation errors (only recommended in development), option `allErrors` can be set in options `validateRequests` and/or `validateResponses`. For example:
+
+```ts
+app.use(
+  OpenApiValidator.middleware({
+    apiSpec: 'path/to/openapi.json',
+    validateRequests: {
+      allErrors: true,
+    },
+    validateResponses: {
+      allErrors: true,
+    },
+  })
+);
+```
 
 
 ##  (2024-08-24)
