From 5c55c11c79ff7971e915f37e9b43b6c521004406 Mon Sep 17 00:00:00 2001 From: Matheus Richard Date: Wed, 8 Apr 2026 12:13:40 -0300 Subject: [PATCH] Require MFA for RubyGems publishing This adds the `rubygems_mfa_required` metadata to the gemspec, requiring multi-factor authentication for privileged operations on RubyGems.org. This is a protection against supply chain attacks like the [recent NPM Axios compromise](https://socket.dev/blog/axios-npm-package-compromised) Reference: https://guides.rubygems.org/mfa-requirement-opt-in/ --- climate_control.gemspec | 1 + 1 file changed, 1 insertion(+) diff --git a/climate_control.gemspec b/climate_control.gemspec index 3110bdc..890eaa0 100644 --- a/climate_control.gemspec +++ b/climate_control.gemspec @@ -12,6 +12,7 @@ Gem::Specification.new do |gem| gem.homepage = "https://github.com/thoughtbot/climate_control" gem.license = "MIT" gem.metadata["changelog_uri"] = "#{gem.homepage}/blob/main/CHANGELOG.md" + gem.metadata["rubygems_mfa_required"] = "true" gem.files = `git ls-files`.split($/) gem.require_paths = ["lib"]
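Review bot: the added `gem.metadata["rubygems_mfa_required"] = "true"` line ships without a CHANGELOG.md entry. The diffstat shows only climate_control.gemspec changed, while the context line directly above it advertises a `changelog_uri`. The setting is carried in the gemspec metadata, so it reaches RubyGems.org only with a published version that contains it. I would add a short changelog line saying that pushing and other privileged operations will require MFA from that release on, so every owner can enable MFA on their account before the next release is cut. The value is correctly the string "true" rather than a boolean, since gemspec metadata values must be strings; keep it that way if this line is ever reformatted.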