From 5eeb4935bf8c4584ad71097c804442e36a1b5bdc Mon Sep 17 00:00:00 2001
From: Matheus Richard
Date: Wed, 8 Apr 2026 11:15:34 -0300
Subject: [PATCH] Require MFA for gem pushes

This adds the `rubygems_mfa_required` metadata to the gemspec, requiring multi-factor authentication for privileged operations on RubyGems.org. This is a protection against supply chain attacks like the recent NPM Axios compromise: https://socket.dev/blog/axios-npm-package-compromised Reference: https://guides.rubygems.org/mfa-requirement-opt-in/
---
 administrate.gemspec | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/administrate.gemspec b/administrate.gemspec
index b3a83e2930..bc144a688c 100644
--- a/administrate.gemspec
+++ b/administrate.gemspec
@@ -11,6 +11,10 @@ Gem::Specification.new do |s|
 s.summary = "A Rails engine for creating super-flexible admin dashboards"
 s.license = "MIT"
 
+ s.metadata = {
+ "rubygems_mfa_required" => "true"
+ }
+
 s.files = Dir["{app,lib,docs}/**/*", "config/locales/**/*", "LICENSE", "Rakefile"]
 
 s.add_dependency "actionpack", ">= 6.0", "< 9.0"
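Review bot: The new `s.metadata` hash carries no comment saying that the value must stay the string `"true"` and that the rule is enforced by RubyGems.org, not by anything in this repository, so a later tidy-up (switching to a boolean, or dropping "unused" metadata) could remove the protection without any local failure. A comment above the hash would cover it: `# Enforced server-side by RubyGems.org for push/yank/owner changes; value must be the string "true".` Going by the guide linked in the description, the requirement presumably only applies once a version carrying this metadata has been published, so every owner should have MFA enabled before that release and any automated release job should be checked against it. The `Gem::Specification` block starts and ends outside the hunk, so whether `s.metadata` is assigned anywhere else in the file (which this whole-hash assignment would replace or be replaced by) cannot be seen from here.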