Upgraded rspec-rails from 2.99.0 to 3.4.0

spec/vulnerabilities/xss_spec.rb

@@ -23,7 +23,8 @@ feature 'xss' do
 
     visit "/users/#{@normal_user.user_id}/account_settings"
 
-    pending(:if => verifying_fixed?) { find('#submit_button').value.should == 'RailsGoat h4x0r3d' }
+    pending if verifying_fixed?
+    expect(find('#submit_button').value).to eq('RailsGoat h4x0r3d')
 
     # might be nice to demonstrate posting cookie contents or somesuch, but
     # this at least shows the vulnerability still exists.