BREAKINGCHANGES.md

1. update and delete policy rejection throws NotFoundError
2. check() ORM api has been removed
3. non-optional to-one relation doesn't automatically filter parent read when evaluating access policies
4. @omit and @password attributes have been removed
5. SWR plugin is removed