Require MFA for gem pushes (#3028)

MatheusRich · web-flow · commit 0ceef11d31ed · 2026-04-08T16:23:04.000+01:00
This adds the `rubygems_mfa_required` metadata to the gemspec, requiring multi-factor authentication for privileged operations on RubyGems.org. This is a protection against supply chain attacks like the recent NPM Axios compromise: https://socket.dev/blog/axios-npm-package-compromised Reference: https://guides.rubygems.org/mfa-requirement-opt-in/
diff --git a/administrate.gemspec b/administrate.gemspec
@@ -11,6 +11,10 @@ Gem::Specification.new do |s|
   s.summary = "A Rails engine for creating super-flexible admin dashboards"
   s.license = "MIT"
 
+  s.metadata = {
+    "rubygems_mfa_required" => "true"
+  }
+
   s.files = Dir["{app,lib,docs}/**/*", "config/locales/**/*", "LICENSE", "Rakefile"]
 
   s.add_dependency "actionpack", ">= 6.0", "< 9.0"
