Merge branch 'master' into oas3.1

Author: carmine

.github/workflows/default.yml

@@ -2,6 +2,9 @@ name: Build and Test
 
 on: [push, pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest

CHANGE_HISTORY.md

@@ -1,3 +1,34 @@
+##  (2024-09-18)
+
+* fix: upgrade @types/multer from 1.4.11 to 1.4.12 (#983) ([0fa043e](https://github.com/cdimascio/express-openapi-validator/commit/0fa043e)), closes [#983](https://github.com/cdimascio/express-openapi-validator/issues/983)
+* feat(path-to-regexp): path-to-regexp 8.1.0 update (#976) ([70cce65](https://github.com/cdimascio/express-openapi-validator/commit/70cce65)), closes [#976](https://github.com/cdimascio/express-openapi-validator/issues/976)
+
+
+
+##  (2024-09-13)
+
+* bodyParsers is deprecated so update with expess bodyParsers (#974) ([6dc3b97](https://github.com/cdimascio/express-openapi-validator/commit/6dc3b97)), closes [#974](https://github.com/cdimascio/express-openapi-validator/issues/974)
+* Update README.md ([772d1dc](https://github.com/cdimascio/express-openapi-validator/commit/772d1dc))
+* Update README.md ([de4219e](https://github.com/cdimascio/express-openapi-validator/commit/de4219e))
+* fix: upgrade express-openapi-validator from 5.2.0 to 5.3.1 (#960) ([bd636bb](https://github.com/cdimascio/express-openapi-validator/commit/bd636bb)), closes [#960](https://github.com/cdimascio/express-openapi-validator/issues/960)
+* chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /examples/9-nestjs (#964) ([148fa90](https://github.com/cdimascio/express-openapi-validator/commit/148fa90)), closes [#964](https://github.com/cdimascio/express-openapi-validator/issues/964)
+* chore(deps-dev): bump braces in /examples/7-response-date-serialization (#963) ([aa3018a](https://github.com/cdimascio/express-openapi-validator/commit/aa3018a)), closes [#963](https://github.com/cdimascio/express-openapi-validator/issues/963)
+
+
+
+##  (2024-09-06)
+
+* fix: Dereference path parameters (#962) ([0aebe5d](https://github.com/cdimascio/express-openapi-validator/commit/0aebe5d)), closes [#962](https://github.com/cdimascio/express-openapi-validator/issues/962)
+* fix: upgrade express-openapi-validator from 5.2.0 to 5.3.1 (#951) ([5b0058d](https://github.com/cdimascio/express-openapi-validator/commit/5b0058d)), closes [#951](https://github.com/cdimascio/express-openapi-validator/issues/951)
+* [StepSecurity] ci: Harden GitHub Actions (#959) ([78e55be](https://github.com/cdimascio/express-openapi-validator/commit/78e55be)), closes [#959](https://github.com/cdimascio/express-openapi-validator/issues/959)
+* Fix changelog breaking changes notice (#961) ([0a8dc2f](https://github.com/cdimascio/express-openapi-validator/commit/0a8dc2f)), closes [#961](https://github.com/cdimascio/express-openapi-validator/issues/961)
+* update README ([7334ccd](https://github.com/cdimascio/express-openapi-validator/commit/7334ccd))
+* chore(deps-dev): bump braces in /examples/5-custom-operation-resolver (#958) ([eda5612](https://github.com/cdimascio/express-openapi-validator/commit/eda5612)), closes [#958](https://github.com/cdimascio/express-openapi-validator/issues/958)
+* chore(deps): bump braces in /examples/4-eov-operations-babel (#957) ([749a8c8](https://github.com/cdimascio/express-openapi-validator/commit/749a8c8)), closes [#957](https://github.com/cdimascio/express-openapi-validator/issues/957)
+* chore(deps): bump webpack and @nestjs/cli in /examples/9-nestjs (#953) ([299aad6](https://github.com/cdimascio/express-openapi-validator/commit/299aad6)), closes [#953](https://github.com/cdimascio/express-openapi-validator/issues/953)
+
+
+
 ##  (2024-08-31)
 
 * Change AJV allErrors default and support user setting (#955) ([392f1dd](https://github.com/cdimascio/express-openapi-validator/commit/392f1dd)), closes [#955](https://github.com/cdimascio/express-openapi-validator/issues/955) [#954](https://github.com/cdimascio/express-openapi-validator/issues/954)
@@ -7,16 +38,25 @@
 
 ### breaking change
 
-* by defaulting to `true` when not defined by the user.
-
-Add tests:
-1. Make sure `AjvOptions` sets the value appropriately based on whether
-   the end user defined `allErrors` or not.
-2. When validating requests, make sure the number of errors reported
-   (when multiple occur) is 1 when `allErrors` is `false`.
-
-The `allErrors` configuration for OpenAPISchemaValidator is not changed
-by this commit since that validation is for trusted content.
+By default, request and response validation now stops after the first failure. Only one error will be reported even when multiple may exist. This follows best practices from AJV:
+- [Security risks of trusted schemas](https://ajv.js.org/security.html#security-risks-of-trusted-schemas)
+- [`allErrors` option](https://ajv.js.org/options.html#allerrors)
+
+To report all validation errors (only recommended in development), option `allErrors` can be set in options `validateRequests` and/or `validateResponses`. For example:
+
+```ts
+app.use(
+  OpenApiValidator.middleware({
+    apiSpec: 'path/to/openapi.json',
+    validateRequests: {
+      allErrors: true,
+    },
+    validateResponses: {
+      allErrors: true,
+    },
+  })
+);
+```
 
 
 ##  (2024-08-24)

README.md

@@ -35,8 +35,9 @@
 ```shell
 npm install express-openapi-validator
 
-# experimental OAS 3.1 in alpha (contributions welcome - see branch `oas-3.1` and pr-882)
-npm install [email protected]
+# experimental OAS 3.1 in alpha (contributions welcome - see branch `oas-3.1` and pr-882 
+# please provide feedback on (issue-573)
+npm install [email protected]
 ```
 
 ## Usage