We should be able to update minor versions of stable libs without breaking
gitlab Gemfile

--- a/Gemfile
+++ b/Gemfile
@@ -8,7 +8,7 @@
 # Responders respond_to and respond_with
 gem 'responders', '~> 2.0'
 
-gem 'sprockets', '~> 3.7.0'
+gem 'sprockets', '~> 3.7'
 
 # Default values for AR models
 gem 'gitlab-default_value_for', '~> 3.1.1', require: 'default_value_for'
@@ -27,61 +27,61 @@
 gem 'doorkeeper', '~> 4.3'
 gem 'doorkeeper-openid_connect', '~> 1.5'
 gem 'omniauth', '~> 1.8'
-gem 'omniauth-auth0', '~> 2.0.0'
+gem 'omniauth-auth0', '~> 2.0'
 gem 'omniauth-azure-oauth2', '~> 0.0.9'
-gem 'omniauth-cas3', '~> 1.1.4'
-gem 'omniauth-facebook', '~> 4.0.0'
+gem 'omniauth-cas3', '~> 1.1', '>= 1.1.4'
+gem 'omniauth-facebook', '~> 4.0'
 gem 'omniauth-github', '~> 1.3'
-gem 'omniauth-gitlab', '~> 1.0.2'
+gem 'omniauth-gitlab', '~> 1.0', '>= 1.0.2'
 gem 'omniauth-google-oauth2', '~> 0.6.0'
 gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
 gem 'omniauth-oauth2-generic', '~> 0.2.2'
 gem 'omniauth-saml', '~> 1.10'
-gem 'omniauth-shibboleth', '~> 1.3.0'
+gem 'omniauth-shibboleth', '~> 1.3'
 gem 'omniauth-twitter', '~> 1.4'
-gem 'omniauth_crowd', '~> 2.2.0'
+gem 'omniauth_crowd', '~> 2.2'
 gem 'omniauth-authentiq', '~> 0.3.3'
 gem 'omniauth_openid_connect', '~> 0.3.0'
 gem "omniauth-ultraauth", '~> 0.0.2'
-gem 'omniauth-salesforce', '~> 1.0.5'
-gem 'rack-oauth2', '~> 1.9.3'
-gem 'jwt', '~> 2.1.0'
+gem 'omniauth-salesforce', '~> 1.0', '>= 1.0.5'
+gem 'rack-oauth2', '~> 1.9', '>= 1.9.3'
+gem 'jwt', '~> 2.1'
 
 # Spam and anti-bot protection
 gem 'recaptcha', '~> 4.11', require: 'recaptcha/rails'
 gem 'akismet', '~> 2.0'
 
 # Two-factor authentication
-gem 'devise-two-factor', '~> 3.0.0'
+gem 'devise-two-factor', '~> 3.0'
 gem 'rqrcode-rails3', '~> 0.1.7'
-gem 'attr_encrypted', '~> 3.1.0'
+gem 'attr_encrypted', '~> 3.1'
 gem 'u2f', '~> 0.2.1'
 
 # GitLab Pages
-gem 'validates_hostname', '~> 1.0.6'
-gem 'rubyzip', '~> 1.2.2', require: 'zip'
+gem 'validates_hostname', '~> 1.0', '>= 1.0.6'
+gem 'rubyzip', '~> 1.2', '>= 1.2.2', require: 'zip'
 
 # Browser detection
 gem 'browser', '~> 2.5'
 
 # GPG
-gem 'gpgme', '~> 2.0.18'
+gem 'gpgme', '~> 2.0', '>= 2.0.18'
 
 # LDAP Auth
 # GitLab fork with several improvements to original library. For full list of changes
 # see https://github.com/intridea/omniauth-ldap/compare/master...gitlabhq:master
-gem 'gitlab_omniauth-ldap', '~> 2.1.1', require: 'omniauth-ldap'
+gem 'gitlab_omniauth-ldap', '~> 2.1', '>= 2.1.1', require: 'omniauth-ldap'
 gem 'net-ldap'
 
 # API
-gem 'grape', '~> 1.1.0'
+gem 'grape', '~> 1.1'
 gem 'grape-entity', '~> 0.7.1'
-gem 'rack-cors', '~> 1.0.0', require: 'rack/cors'
+gem 'rack-cors', '~> 1.0', require: 'rack/cors'
 
 # GraphQL API
-gem 'graphql', '~> 1.8.0'
-gem 'graphiql-rails', '~> 1.4.10'
-gem 'apollo_upload_server', '~> 2.0.0.beta3'
+gem 'graphql', '~> 1.8'
+gem 'graphiql-rails', '~> 1.4', '>= 1.4.10'
+gem 'apollo_upload_server', '~> 2.0', '>= 2.0.0.beta3'
 
 # Disable strong_params so that Mash does not respond to :permitted?
 gem 'hashie-forbidden_attributes'
@@ -90,7 +90,7 @@
 gem 'kaminari', '~> 1.0'
 
 # HAML
-gem 'hamlit', '~> 2.8.8'
+gem 'hamlit', '~> 2.8', '>= 2.8.8'
 
 # Files attachments
 gem 'carrierwave', '~> 1.3'
@@ -100,7 +100,7 @@
 gem 'fog-aws', '~> 3.3'
 # Locked until fog-google resolves https://github.com/fog/fog-google/issues/421.
 # Also see config/initializers/fog_core_patch.rb.
-gem 'fog-core', '= 2.1.0'
+gem 'fog-core', '= 2.1'
 gem 'fog-google', '~> 1.8'
 gem 'fog-local', '~> 0.6'
 gem 'fog-openstack', '~> 1.0'
@@ -114,38 +114,38 @@
 gem 'unf', '~> 0.1.4'
 
 # Seed data
-gem 'seed-fu', '~> 2.3.7'
+gem 'seed-fu', '~> 2.3', '>= 2.3.7'
 
 # Markdown and HTML processing
 gem 'html-pipeline', '~> 2.8'
-gem 'deckar01-task_list', '2.2.0'
-gem 'gitlab-markup', '~> 1.7.0'
-gem 'github-markup', '~> 1.7.0', require: 'github/markup'
+gem 'deckar01-task_list', '2.2'
+gem 'gitlab-markup', '~> 1.7'
+gem 'github-markup', '~> 1.7', require: 'github/markup'
 gem 'commonmarker', '~> 0.17'
-gem 'RedCloth', '~> 4.3.2'
+gem 'RedCloth', '~> 4.3', '>= 4.3.2'
 gem 'rdoc', '~> 6.0'
 gem 'org-ruby', '~> 0.9.12'
 gem 'creole', '~> 0.5.0'
 gem 'wikicloth', '0.8.1'
-gem 'asciidoctor', '~> 1.5.8'
+gem 'asciidoctor', '~> 1.5', '>= 1.5.8'
 gem 'asciidoctor-plantuml', '0.0.8'
 gem 'rouge', '~> 3.1'
 gem 'truncato', '~> 0.7.11'
-gem 'bootstrap_form', '~> 4.2.0'
-gem 'nokogiri', '~> 1.10.3'
+gem 'bootstrap_form', '~> 4.2'
+gem 'nokogiri', '~> 1.10', '>= 1.10.3'
 gem 'escape_utils', '~> 1.1'
 
 # Calendar rendering
 gem 'icalendar'
 
 # Diffs
-gem 'diffy', '~> 3.1.0'
+gem 'diffy', '~> 3.1'
 
 # Application server
-gem 'rack', '~> 2.0.7'
+gem 'rack', '~> 2.0', '>= 2.0.7'
 
 group :unicorn do
-  gem 'unicorn', '~> 5.4.1'
+  gem 'unicorn', '~> 5.4', '>= 5.4.1'
   gem 'unicorn-worker-killer', '~> 0.4.4'
 end
 
@@ -161,9 +161,9 @@
 gem 'acts-as-taggable-on', '~> 6.0'
 
 # Background jobs
-gem 'sidekiq', '~> 5.2.7'
+gem 'sidekiq', '~> 5.2', '>= 5.2.7'
 gem 'sidekiq-cron', '~> 1.0'
-gem 'redis-namespace', '~> 1.6.0'
+gem 'redis-namespace', '~> 1.6'
 gem 'gitlab-sidekiq-fetcher', '~> 0.4.0', require: 'sidekiq-reliable-fetch'
 
 # Cron Parser
@@ -179,14 +179,14 @@
 gem 'ruby-progressbar'
 
 # GitLab settings
-gem 'settingslogic', '~> 2.0.9'
+gem 'settingslogic', '~> 2.0', '>= 2.0.9'
 
 # Linear-time regex library for untrusted regular expressions
-gem 're2', '~> 1.1.1'
+gem 're2', '~> 1.1', '>= 1.1.1'
 
 # Misc
 
-gem 'version_sorter', '~> 2.2.4'
+gem 'version_sorter', '~> 2.2', '>= 2.2.4'
 
 # Export Ruby Regex to Javascript
 gem 'js_regex', '~> 3.1'
@@ -195,7 +195,7 @@
 gem 'device_detector'
 
 # Cache
-gem 'redis-rails', '~> 5.0.2'
+gem 'redis-rails', '~> 5.0', '>= 5.0.2'
 
 # Redis
 gem 'redis', '~> 3.2'
@@ -205,7 +205,7 @@
 gem 'discordrb-webhooks-blackst0ne', '~> 3.3', require: false
 
 # HipChat integration
-gem 'hipchat', '~> 1.5.0'
+gem 'hipchat', '~> 1.5'
 
 # JIRA integration
 gem 'jira-ruby', '~> 1.4'
@@ -214,7 +214,7 @@
 gem 'flowdock', '~> 0.7'
 
 # Slack integration
-gem 'slack-notifier', '~> 1.5.1'
+gem 'slack-notifier', '~> 1.5', '>= 1.5.1'
 
 # Hangouts Chat integration
 gem 'hangouts-chat', '~> 0.0.5'
@@ -226,11 +226,11 @@
 gem 'ruby-fogbugz', '~> 0.2.1'
 
 # Kubernetes integration
-gem 'kubeclient', '~> 4.2.2'
+gem 'kubeclient', '~> 4.2', '>= 4.2.2'
 
 # Sanitize user input
 gem 'sanitize', '~> 4.6'
-gem 'babosa', '~> 1.0.2'
+gem 'babosa', '~> 1.0', '>= 1.0.2'
 
 # Sanitizes SVG input
 gem 'loofah', '~> 2.2'
@@ -239,10 +239,10 @@
 gem 'licensee', '~> 8.9'
 
 # Protect against bruteforcing
-gem 'rack-attack', '~> 4.4.1'
+gem 'rack-attack', '~> 4.4', '>= 4.4.1'
 
 # Ace editor
-gem 'ace-rails-ap', '~> 4.1.0'
+gem 'ace-rails-ap', '~> 4.1'
 
 # Detect and convert string character encoding
 gem 'charlock_holmes', '~> 0.7.5'
@@ -260,21 +260,21 @@
 gem 'webpack-rails', '~> 0.9.10'
 gem 'rack-proxy', '~> 0.6.0'
 
-gem 'sassc-rails', '~> 2.1.0'
-gem 'uglifier', '~> 2.7.2'
+gem 'sassc-rails', '~> 2.1'
+gem 'uglifier', '~> 2.7', '>= 2.7.2'
 
-gem 'addressable', '~> 2.5.2'
+gem 'addressable', '~> 2.5', '>= 2.5.2'
 gem 'font-awesome-rails', '~> 4.7'
 gem 'gemojione', '~> 3.3'
 gem 'gon', '~> 6.2'
 gem 'request_store', '~> 1.3'
-gem 'virtus', '~> 1.0.1'
+gem 'virtus', '~> 1.0', '>= 1.0.1'
 gem 'base32', '~> 0.3.0'
 
 # Sentry integration
 gem 'sentry-raven', '~> 2.7'
 
-gem 'premailer-rails', '~> 1.9.7'
+gem 'premailer-rails', '~> 1.9', '>= 1.9.7'
 
 # LabKit: Tracing and Correlation
 gem 'gitlab-labkit', '~> 0.2.0'
@@ -282,19 +282,19 @@
 # I18n
 gem 'ruby_parser', '~> 3.8', require: false
 gem 'rails-i18n', '~> 5.1'
-gem 'gettext_i18n_rails', '~> 1.8.0'
+gem 'gettext_i18n_rails', '~> 1.8'
 gem 'gettext_i18n_rails_js', '~> 1.3'
-gem 'gettext', '~> 3.2.2', require: false, group: :development
+gem 'gettext', '~> 3.2', '>= 3.2.2', require: false, group: :development
 
-gem 'batch-loader', '~> 1.4.0'
+gem 'batch-loader', '~> 1.4'
 
 # Perf bar
-gem 'peek', '~> 1.0.1'
+gem 'peek', '~> 1.0', '>= 1.0.1'
 gem 'peek-gc', '~> 0.0.2'
-gem 'peek-mysql2', '~> 1.2.0', group: :mysql
-gem 'peek-pg', '~> 1.3.0', group: :postgres
+gem 'peek-mysql2', '~> 1.2', group: :mysql
+gem 'peek-pg', '~> 1.3', group: :postgres
 gem 'peek-rblineprof', '~> 0.2.0'
-gem 'peek-redis', '~> 1.2.0'
+gem 'peek-redis', '~> 1.2'
 
 # Metrics
 group :metrics do
@@ -314,55 +314,55 @@
   gem 'rblineprof', '~> 0.3.6', platform: :mri, require: false
 
   # Better errors handler
-  gem 'better_errors', '~> 2.5.0'
+  gem 'better_errors', '~> 2.5'
   gem 'binding_of_caller', '~> 0.8.0'
 
   # thin instead webrick
-  gem 'thin', '~> 1.7.0'
+  gem 'thin', '~> 1.7'
 end
 
 group :development, :test do
   gem 'bootsnap', '~> 1.4'
-  gem 'bullet', '~> 5.5.0', require: !!ENV['ENABLE_BULLET']
-  gem 'pry-byebug', '~> 3.5.1', platform: :mri
+  gem 'bullet', '~> 5.5', require: !!ENV['ENABLE_BULLET']
+  gem 'pry-byebug', '~> 3.5', '>= 3.5.1', platform: :mri
   gem 'pry-rails', '~> 0.3.4'
 
   gem 'awesome_print', require: false
-  gem 'fuubar', '~> 2.2.0'
+  gem 'fuubar', '~> 2.2'
 
-  gem 'database_cleaner', '~> 1.7.0'
-  gem 'factory_bot_rails', '~> 4.8.2'
-  gem 'rspec-rails', '~> 3.7.0'
+  gem 'database_cleaner', '~> 1.7'
+  gem 'factory_bot_rails', '~> 4.8', '>= 4.8.2'
+  gem 'rspec-rails', '~> 3.7'
   gem 'rspec-retry', '~> 0.6.1'
   gem 'rspec_profiling', '~> 0.0.5'
   gem 'rspec-set', '~> 0.1.3'
   gem 'rspec-parameterized', require: false
 
   # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
-  gem 'minitest', '~> 5.11.0'
+  gem 'minitest', '~> 5.11'
 
   # Generate Fake data
   gem 'ffaker', '~> 2.10'
 
-  gem 'capybara', '~> 2.18.0'
-  gem 'capybara-screenshot', '~> 1.0.22'
+  gem 'capybara', '~> 2.18'
+  gem 'capybara-screenshot', '~> 1.0', '>= 1.0.22'
   gem 'selenium-webdriver', '~> 3.141'
 
-  gem 'spring', '~> 2.0.0'
-  gem 'spring-commands-rspec', '~> 1.0.4'
+  gem 'spring', '~> 2.0'
+  gem 'spring-commands-rspec', '~> 1.0', '>= 1.0.4'
 
   gem 'gitlab-styles', '~> 2.6', require: false
   # Pin these dependencies, otherwise a new rule could break the CI pipelines
   gem 'rubocop', '~> 0.68.1'
-  gem 'rubocop-performance', '~> 1.1.0'
-  gem 'rubocop-rspec', '~> 1.22.1'
+  gem 'rubocop-performance', '~> 1.1'
+  gem 'rubocop-rspec', '~> 1.22', '>= 1.22.1'
 
   gem 'scss_lint', '~> 0.56.0', require: false
   gem 'haml_lint', '~> 0.30.0', require: false
   gem 'simplecov', '~> 0.14.0', require: false
   gem 'bundler-audit', '~> 0.5.0', require: false
 
-  gem 'benchmark-ips', '~> 2.3.0', require: false
+  gem 'benchmark-ips', '~> 2.3', require: false
 
   gem 'license_finder', '~> 5.4', require: false
   gem 'knapsack', '~> 1.17'
@@ -371,18 +371,18 @@
 
   gem 'stackprof', '~> 0.2.10', require: false
 
-  gem 'simple_po_parser', '~> 1.1.2', require: false
+  gem 'simple_po_parser', '~> 1.1', '>= 1.1.2', require: false
 
   gem 'timecop', '~> 0.8.0'
 end
 
 group :test do
-  gem 'shoulda-matchers', '~> 3.1.2', require: false
-  gem 'email_spec', '~> 2.2.0'
-  gem 'json-schema', '~> 2.8.0'
-  gem 'webmock', '~> 3.5.1'
+  gem 'shoulda-matchers', '~> 3.1', '>= 3.1.2', require: false
+  gem 'email_spec', '~> 2.2'
+  gem 'json-schema', '~> 2.8'
+  gem 'webmock', '~> 3.5', '>= 3.5.1'
   gem 'rails-controller-testing'
-  gem 'sham_rack', '~> 1.3.6'
+  gem 'sham_rack', '~> 1.3', '>= 1.3.6'
   gem 'concurrent-ruby', '~> 1.1'
   gem 'test-prof', '~> 0.2.5'
   gem 'rspec_junit_formatter'
@@ -402,11 +402,11 @@
 gem 'oauth2', '~> 1.4'
 
 # Health check
-gem 'health_check', '~> 2.6.0'
+gem 'health_check', '~> 2.6'
 
 # System information
-gem 'vmstat', '~> 2.3.0'
-gem 'sys-filesystem', '~> 1.1.6'
+gem 'vmstat', '~> 2.3'
+gem 'sys-filesystem', '~> 1.1', '>= 1.1.6'
 
 # SSH host key support
 gem 'net-ssh', '~> 5.0'
@@ -419,13 +419,13 @@
 end
 
 # Gitaly GRPC client
-gem 'gitaly-proto', '~> 1.27.2', require: 'gitaly'
+gem 'gitaly-proto', '~> 1.27', '>= 1.27.2', require: 'gitaly'
 
-gem 'grpc', '~> 1.19.0'
+gem 'grpc', '~> 1.19'
 
-gem 'google-protobuf', '~> 3.7.1'
+gem 'google-protobuf', '~> 3.7', '>= 3.7.1'
 
-gem 'toml-rb', '~> 1.0.0', require: false
+gem 'toml-rb', '~> 1.0', require: false
 
 # Feature toggles
 gem 'flipper', '~> 0.13.0'