Is there a way of calculating (new-version - previous-version) ? #285

Closed
gabfelp opened this issue Nov 23, 2022 · 1 comment

gabfelp commented Nov 23, 2022

First of all, thanks for the tool! It's really useful for filtering dependabot stuff

Now to my question:
For context, I want to execute a specific step in my workflow only if the new version (from dependency) is exactly 1 patch ahead of previous-version (from dependency).
e.g.:

  • v2.35.2 -> v2.35.3 ✅
  • v2.35.0 -> v2.35.9 ❌
  • v2.35.2 -> v2.36.0 ❌

Is there a simple way of getting this info or do I need to do string manipulation?

I'm asking because I don't know if steps.dependabot-metadata.outputs.update-type is useful in this context.

Thanks!

(By the way, if I can suggest something, it would be nice to have the "question" type in the issues!)

jeffwidman (Member) commented Apr 7, 2023

There isn't a simple way to get this info, so today you'd have to perform string manipulation.

update-type is the classification of the update:

const UPDATE_TYPES_PRIORITY = [
  'version-update:semver-major',
  'version-update:semver-minor',
  'version-update:semver-patch'
]

Search for update-types in this doc for more details: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

I understand the rationale of reducing risk by guarding against jumping multiple releases, but the whole idea of semver is to categorize that risk by using patch... so that a library maintainer can push multiple patch releases and they should still all be non-breaking.

So I don't see us building this out, as most users will find using gating on update-type = ["version-update:semver-patch"] sufficient.

jeffwidman closed this as not planned on Apr 7, 2023
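
The string manipulation mentioned in the answer above, sketched as an added example (not part of the original thread and not the project's own code). It assumes the two version strings from the issue, previous-version and new-version, are passed as arguments; the function names are hypothetical, and anything that is not a plain MAJOR.MINOR.PATCH is rejected so the gate fails closed.

```shell
#!/bin/sh
# Added example: gate a workflow step on "exactly one patch ahead".
# In a workflow, pass the two values in through env: variables and call
#   is_next_patch "$PREV" "$NEW"
# rather than interpolating ${{ ... }} expressions into the script text.

# Succeeds only for strict MAJOR.MINOR.PATCH (optional leading "v"),
# digits only, no leading zeros, no pre-release or build suffix.
is_plain_semver() {
  case "${1#v}" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    0[0-9]*|*.0[0-9]*)       return 1 ;;   # leading zero in a component
    *.*.*.*)                 return 1 ;;   # more than three components
    *.*.*)                   return 0 ;;   # exactly three components
    *)                       return 1 ;;   # fewer than three components
  esac
}

# is_next_patch PREV NEW
# Exit status 0 only when NEW has the same MAJOR.MINOR as PREV and its
# PATCH is PREV's PATCH plus one. Runs in a subshell so no variables leak.
is_next_patch() (
  is_plain_semver "$1" && is_plain_semver "$2" || exit 1
  prev="${1#v}"
  new="${2#v}"
  # Leading zeros were rejected above, so comparing the MAJOR.MINOR
  # prefixes as strings is equivalent to comparing them as numbers.
  [ "${prev%.*}" = "${new%.*}" ] || exit 1
  prev_patch="${prev##*.}"
  new_patch="${new##*.}"
  [ "$new_patch" -eq $((prev_patch + 1)) ]
)
```

With the three cases from the question, v2.35.2 -> v2.35.3 passes while v2.35.0 -> v2.35.9 and v2.35.2 -> v2.36.0 are rejected.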