feat: Remove deprecation DEPPS3: Config option enforcePrivateUsers defaults to true (#8283)

BREAKING CHANGE: The Parse Server option `enforcePrivateUsers` is now set to `true` by default; in previous releases this option defaulted to `false`. This change improves the default security configuration of Parse Server (#8283)
dblythy
2022-11-17 08:59:44 +11:00
committed by GitHub
parent 6e66b20e28
commit ed499e32a2
12 changed files with 85 additions and 17 deletions


@@ -16,7 +16,6 @@
* If there are no deprecations, this must return an empty array.
*/
module.exports = [
{ optionKey: 'enforcePrivateUsers', changeNewDefault: 'true' },
{ optionKey: 'allowClientClassCreation', changeNewDefault: 'false' },
{ optionKey: 'allowExpiredAuthDataToken', changeNewDefault: 'false' },
];


@@ -217,7 +217,7 @@ module.exports.ParseServerOptions = {
env: 'PARSE_SERVER_ENFORCE_PRIVATE_USERS',
help: 'Set to true if new users should be created without public read and write access.',
action: parsers.booleanParser,
default: false,
default: true,
},
expireInactiveSessions: {
env: 'PARSE_SERVER_EXPIRE_INACTIVE_SESSIONS',
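Review bot: The `help` text above the changed `default: true` line still only says 'Set to true if new users should be created without public read and write access.', so it neither reflects that this is now the default nor states that the option acts at user creation. As worded, it suggests that accounts created while the default was `false` keep their existing ACLs after an upgrade (not confirmable from this hunk), which is what an operator relying on the new default needs to know. I would append a sentence such as `Applies only when a user is created; ACLs of existing users are not changed.` to the help string here and to the matching `:DEFAULT: true` doc comment in the `ParseServerOptions` interface hunk, once confirmed against the user-creation code. The option entry starts above this hunk, so its key line is not visible.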


@@ -280,7 +280,7 @@ export interface ParseServerOptions {
:DEFAULT: {} */
security: ?SecurityOptions;
/* Set to true if new users should be created without public read and write access.
:DEFAULT: false */
:DEFAULT: true */
enforcePrivateUsers: ?boolean;
/* Allow a user to log in even if the 3rd party authentication token that was used to sign in to their account has expired. If this is set to `false`, then the token will be validated every time the user signs in to their account. This refers to the token that is stored in the `_User.authData` field. Defaults to `true`.
:DEFAULT: true */