if you have a dependency with version 0.0.3 and a new version 0.0.4 appears, do you consider it a patch version suitable for automatic or near automatic upgrade, or kind of a major version since it's a bump in the first non-zero digit?

if you use automated tools to keep dependencies current, how do they handle cases like this?