Specs require actionpack-2.2.2 which is insecure and not listed in gemspec

[graaff]

The spec in test/test_action_controller_request_proxy.rb currently explicitly requires actionpack 2.2.2. Unfortunately this is part of a rails release with security problems that should no longer be used. It would be better to change this to 2.2.3 (or >~2.2.3 for future compatibility) which is the latest release in the 2.2.x series.

This is also not properly reported in the gemspec, which indicates that any actionpack version will work.

[graaff]

Simply bumping the version number does not seem to work for this, since I get the following failure with it:

1. Failure:
   test_query_string_parameter_values_should_be_cgi_unescaped(ActionControllerRequestProxyTest)
   [./test/test_action_controller_request_proxy.rb:125:in test_query_string_parameter_values_should_be_cgi_unescaped' /usr/lib64/ruby/gems/1.8/gems/activesupport-2.2.3/lib/active_support/testing/setup_and_teardown.rb:94:insend'
   /usr/lib64/ruby/gems/1.8/gems/activesupport-2.2.3/lib/active_support/testing/setup_and_teardown.rb:94:in `run']:
   <[["url", "http://foo.com/?a=b&c=d"]]> expected but was
   <[]>.

[quirkey]

Hey graaff

I just pushed a fix (that will be pushed in 0.3.7) that gives a range for actionpack version requirements. The actionpack/controller proxy is actual for legacy reasons, any rails > 2.3 will use the rack proxy.

FYI: The official repo for this gem is now hosted at: http://github.com/oauth/oauth-ruby