RubyGems - baldur - Versions diffs - 0.1.1 → 0.1.2 - Mend

baldur 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c530dc1592f68c70aea978df00320e2b5c60c3bdf1438fed868858b13808e19c
-  data.tar.gz: '0827b0d90a5520b0af7fcc92fc4d6cae262274d54a7bfe6c8ba92c8beacc1d45'
+  metadata.gz: 755f7b5c5357a353e44fc2885a9dbae5134fd8e2150bdc24d7b49b670ac93fd3
+  data.tar.gz: 1a5b0a736bfe6cb16bc00714b0e0e2649cd9e2233f22c53943bc95fd4c3c150f
 SHA512:
-  metadata.gz: aeeda062066859904828caecb85e2dc4599274138b6d2aeaa3172a9edfd358c673579b1e32b4864e19422b306811e7f774d7e0c2208c6817d8f94438b2998bb0
-  data.tar.gz: 21f0c38a4047ab20ae7bd75c2001f8a4e1f013f27ddb930852c915cf39627017e318399cd204038b77e538686c05bce2323fdbd82652cda316056c5b06400bc3
+  metadata.gz: da5b42f713b2a5e3416227666f956548017058ff95dd0a51ea53472ff08c417d6239ac224f9a58dafaedc0d29dbd016a73f49ab7368b894cb0d47ff0355d3b52
+  data.tar.gz: 6ba4f17fc97e25faea592202d16fddbec20f4752e7f1d835f2f03499b988c4f0662a3f817aa2a10a1edbbc50a8dfb48f49d2f55ac0a392a9acdfa43572cf2a4d

data/README.md CHANGED Viewed

@@ -15,7 +15,7 @@ Baldur is a reusable Rails UI engine for apps using the same frontend stack as t
 Baldur now declares `tailwindcss-rails` as a gem dependency, so hosts do not need to add that gem separately unless they want to pin a specific version.
 ```ruby
-gem "baldur"
+gem "baldur", "~> 0.1.2"
 ```
 2. Run:
@@ -45,6 +45,18 @@ bundle exec rails generate baldur:install_google_auth
 Default install behavior keeps Geist loaded through the host `fonts.css` scaffold. If a host app wants a different stack, it should update `fonts.css` and then map the loaded families in `theme.css`.
+## Security
+- New Baldur releases require MFA for RubyGems owners via gem metadata starting with `0.1.2`.
+- Release artifacts should be installed from RubyGems or GitHub releases and can be verified with the published `.sha512` checksum file.
+- Report vulnerabilities privately through GitHub Security Advisories.
+To verify a release artifact manually:
+```sh
+sha512sum -c baldur-0.1.2.gem.sha512
+```
 ## Styling Ownership
 Tailwind provides the utility/base layer. Baldur is the source of truth for shared design-system primitives.

data/SECURITY.md ADDED Viewed

@@ -0,0 +1,29 @@
+# Security Policy
+## Reporting a Vulnerability
+Please do not report security issues through public GitHub issues or pull requests.
+Preferred reporting paths:
+1. Open a private GitHub Security Advisory draft for this repository.
+2. Use GitHub Security Advisories for private disclosure.
+Please include:
+- affected version(s)
+- a clear description of the issue
+- reproduction steps or proof of concept
+- impact assessment if known
+- any suggested remediation
+## Disclosure Process
+- I will acknowledge receipt of a report as quickly as practical.
+- I will investigate privately and prepare a fix before public disclosure.
+- Once a fix is available, I may publish a GitHub Security Advisory and request a CVE if the issue merits one.
+- Public disclosure should wait until affected users have a reasonable chance to upgrade.
+## Supported Versions
+Security fixes are best-effort and will normally target the latest released version of Baldur.

data/baldur.gemspec CHANGED Viewed

@@ -4,11 +4,16 @@ Gem::Specification.new do |spec|
   spec.name        = "baldur"
   spec.version     = Baldur::VERSION
   spec.authors     = [ "Varun Murkar" ]
-  spec.email       = [ "hello@varunmurkar.com" ]
   spec.summary     = "Reusable Rails UI engine for same-stack application interfaces"
   spec.description = "Baldur packages reusable Rails view helpers, components, styles, and Stimulus controllers."
   spec.homepage    = "https://github.com/varunmurkar/baldur"
   spec.license     = "MIT"
+  spec.metadata = {
+    "source_code_uri" => "https://github.com/varunmurkar/baldur",
+    "bug_tracker_uri" => "https://github.com/varunmurkar/baldur/issues",
+    "changelog_uri" => "https://github.com/varunmurkar/baldur/releases",
+    "rubygems_mfa_required" => "true"
+  }
   spec.files = Dir.chdir(__dir__) do
     Dir[
@@ -16,6 +21,7 @@ Gem::Specification.new do |spec|
       "README.md",
       "TODO.md",
       "LICENSE",
+      "SECURITY.md",
       "baldur.gemspec",
       "Gemfile"
     ].select { |path| File.file?(path) }

data/lib/baldur/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Baldur
-  VERSION = "0.1.1".freeze
+  VERSION = "0.1.2".freeze
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: baldur
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Varun Murkar
@@ -67,8 +67,6 @@ dependencies:
         version: '0'
 description: Baldur packages reusable Rails view helpers, components, styles, and
   Stimulus controllers.
-email:
-- hello@varunmurkar.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -76,6 +74,7 @@ files:
 - Gemfile
 - LICENSE
 - README.md
+- SECURITY.md
 - TODO.md
 - app/assets/javascripts/baldur/controllers/accordion_controller.js
 - app/assets/javascripts/baldur/controllers/alert_controller.js
@@ -238,7 +237,11 @@ files:
 homepage: https://github.com/varunmurkar/baldur
 licenses:
 - MIT
-metadata: {}
+metadata:
+  source_code_uri: https://github.com/varunmurkar/baldur
+  bug_tracker_uri: https://github.com/varunmurkar/baldur/issues
+  changelog_uri: https://github.com/varunmurkar/baldur/releases
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib