René's URL Explorer Experiment


Title: fix(bump): only consider commit titles when matching bump patterns by bearomorphism · Pull Request #1983 · commitizen-tools/commitizen · GitHub

Open Graph Title: fix(bump): only consider commit titles when matching bump patterns by bearomorphism · Pull Request #1983 · commitizen-tools/commitizen

X Title: fix(bump): only consider commit titles when matching bump patterns by bearomorphism · Pull Request #1983 · commitizen-tools/commitizen

Description: Description Closes #1772. Why cz bump was producing spurious PATCH version bumps on ci: commits whose bodies contained Dependabot-generated content. Dependabot's pull-request descriptions quote upstream repository changelogs verbatim, and those changelogs routinely contain lines such as fix: update @actions/artifact to ^5.0.0 for Node.js 24 punycode fix. Because find_increment in commitizen/bump.py:37 (master) iterates over every line of commit.message — which is computed as f"{self.title}\n\n{self.body}".strip() at commitizen/git.py:78–79 — those body lines are matched against the bump_pattern and counted as fix: commits, triggering a PATCH bump on a commit that is semantically a dependency-update automation entry with a ci: title. The issue was initially closed as "working as designed" after a maintainer misread the log: the fix: line in question was not a commit in the user's repository — it was text inside the Dependabot PR body (which becomes the body of the squash-merged ci: commit). @Clockwork-Muse clarified this with a screenshot in February 2026, and @Lee-W reopened the issue. Subsequent verification against master (4.15.1) in the #1964 audit confirmed the false positive is still reproducible: a ci: commit whose body contains an unbulleted fix: … line at column 0 produces a PATCH bump and a spurious ### Fix changelog section. The Conventional Commits specification places the commit type exclusively in the title (the first line); scanning every body line for type-prefixed text contradicts the spec and produces this class of false positive on auto-generated commit bodies. What changed File Change commitizen/bump.py In find_increment(), replace the commit.message.split("\n") loop at line 37 (master) with a candidate_lines list containing only commit.title plus any body lines that begin with BREAKING CHANGE: or BREAKING-CHANGE: tests/test_bump_find_increment.py Add two regression tests: test_find_increment_ignores_type_tokens_in_commit_body (the Dependabot false-positive scenario) and test_find_increment_still_honors_breaking_change_in_body (confirming MAJOR is still triggered by a body footer) How it works Title-only type matching: candidate_lines is initialised as [commit.title]. The commit.title attribute stores only the first line of the commit message (set at commitizen/git.py:71), so no body content can reach the bump_pattern via this path. Body still scanned for breaking-change footers: the body is split on "\n" and each line is tested with stripped.startswith(("BREAKING CHANGE:", "BREAKING-CHANGE:")) after a lstrip() call. Matching lines are appended to candidate_lines and then processed by the same select_pattern.search() call as the title. lstrip() rather than strip() for footer indentation tolerance — the non-obvious choice: the Conventional Commits spec allows trailers to be indented (e.g., BREAKING CHANGE: x). Using lstrip() means such indented footers are still accepted, while a body line like fix: something is stripped to fix: something, which does not start with either breaking-change token and so is correctly excluded. Using strip() instead would also work here, but lstrip() is semantically more precise — the trailing content of a footer is not guaranteed to be whitespace-free, so only left-stripping is warranted for the prefix check. commit.message property untouched: commitizen/git.py:77–79 defines message as title + "\n\n" + body and this property is used elsewhere (changelog rendering, the check command). Only find_increment changes which lines it examines; every other consumer of commit.message is unaffected. Backward compatibility Any commit whose title begins with a conventional type (fix:, feat:, perf:, etc.) is still bumped exactly as before. BREAKING CHANGE: / BREAKING-CHANGE: footers in the commit body still trigger a MAJOR bump. The feat!: / fix!: exclamation-mark breaking-change syntax in the title is unaffected — it is matched against commit.title by the same select_pattern. commit.message, commit.title, and commit.body on GitCommit (commitizen/git.py:60–79) are untouched. All 12 pre-existing test_find_increment_* tests in tests/test_bump_find_increment.py pass; the full bump command integration test suite (131 tests) passes with the same 4 GPG-fixture tests deselected on Windows as before. Checklist I have read the contributing guidelines Was generative AI tooling used to co-author this PR? Yes (please specify the tool below) Generated-by: Claude following the guidelines Code Changes Add test cases to all the changes you introduce Run uv run poe all locally to ensure this change passes linter check and tests Manually test the changes (see "Steps to Test" below) Update the documentation for the changes Expected Behavior Scenario Outcome ci: commit whose body contains fix: … lines (Dependabot-style) No bump — body type-prefixed lines are ignored fix: normal patch fix in the commit title PATCH bump — unchanged feat: new feature title with BREAKING CHANGE: old API removed in the body MAJOR bump — breaking-change footer still honoured feat!: breaking change flagged in title MAJOR bump — exclamation-mark syntax in title still honoured ci: commit with a bulleted body line - fix: addresses CVE-… No bump — leading - prevents startswith match and the line is excluded Steps to Test This Pull Request git fetch fork fix/1772-anchor-bump-pattern-to-title git checkout fork/fix/1772-anchor-bump-pattern-to-title # 1. Targeted regression test. uv run pytest tests/test_bump_find_increment.py -v # 2. Reproduce-the-bug-then-verify-the-fix sequence. python - <<'EOF' from commitizen import bump from commitizen.git import GitCommit from commitizen.cz.conventional_commits import ConventionalCommitsCz # Exact reproducer from #1772: a ci: commit whose body quotes an upstream # changelog entry containing "fix: ..." at column 0. DEPENDABOT_BODY = ( "Bumps actions/upload-artifact from 5 to 6.\n" "fix: update @actions/artifact to ^5.0.0 for Node.js 24 punycode fix\n" ) commit = GitCommit( rev="abc123", title="ci: bump actions/upload-artifact from 5 to 6 (#23)", body=DEPENDABOT_BODY, ) result = bump.find_increment( [commit], regex=ConventionalCommitsCz.bump_pattern, increments_map=ConventionalCommitsCz.bump_map, ) assert result is None, f"FAIL: expected None, got {result!r} — false-positive bump still present" print("OK: Dependabot body does not trigger a bump") # Confirm BREAKING CHANGE in body still works. bc_commit = GitCommit( rev="def456", title="feat: new user interface", body="some detail\n\nBREAKING CHANGE: drops support for legacy config format", ) result = bump.find_increment( [bc_commit], regex=ConventionalCommitsCz.bump_pattern, increments_map=ConventionalCommitsCz.bump_map, ) assert result == "MAJOR", f"FAIL: expected MAJOR, got {result!r}" print("OK: BREAKING CHANGE footer still triggers MAJOR") EOF Additional Context This fix was surfaced during the #1964 issue audit. The issue had been incorrectly closed in February 2026 after a maintainer misidentified the fix: line as a commit in the user's own repository; @Clockwork-Muse's follow-up comment and screenshot clarified that the line comes from Dependabot quoting an upstream changelog entry — it is not a commit in the user's repository at all. @namwoam was assigned in January 2026 and identified the correct code path (commitizen/bump.py:37–38, master) but proposed an author-filter approach; this PR takes the simpler route of anchoring the type match to the commit title only, which aligns with the Conventional Commits specification without introducing new configuration surface. @namwoam is welcome to take over if still active on this — please comment and this PR will be closed.

Open Graph Description: Description Closes #1772. Why cz bump was producing spurious PATCH version bumps on ci: commits whose bodies contained Dependabot-generated content. Dependabot's pull-request descriptions quote...

X Description: Description Closes #1772. Why cz bump was producing spurious PATCH version bumps on ci: commits whose bodies contained Dependabot-generated content. Dependabot&#39;s pull-request descriptions q...

Opengraph URL: https://github.com/commitizen-tools/commitizen/pull/1983

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository/pull/:id/files(.:format)
route-controllerpull_requests
route-actionfiles
fetch-noncev2:bcfa8042-e87f-c198-181d-bac8f4883045
current-catalog-service-hashae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-id8FDC:179658:78BD86:B2728A:6A4E1526
html-safe-nonce1650a6bef2d8eeda6fdaeb4e1ea57c9ffa116d8b1c21ac6ea2851faabb9af2be
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4RkRDOjE3OTY1ODo3OEJEODY6QjI3MjhBOjZBNEUxNTI2IiwidmlzaXRvcl9pZCI6IjQ1ODA1MDM5NDM0NjE2MDY2OTQiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ==
visitor-hmac37117d27f8f19061b44fd36a2d945a2f5536fa4454d63a902771c0e574fd5582
hovercard-subject-tagpull_request:3654893121
github-keyboard-shortcutsrepository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///pull_requests/show/files
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/commitizen-tools/commitizen/pull/1983/files
twitter:imagehttps://avatars.githubusercontent.com/u/26526132?s=400&v=4
twitter:cardsummary_large_image
og:imagehttps://avatars.githubusercontent.com/u/26526132?s=400&v=4
og:image:altDescription Closes #1772. Why cz bump was producing spurious PATCH version bumps on ci: commits whose bodies contained Dependabot-generated content. Dependabot's pull-request descriptions quote...
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
None030096ee0db095447bfe77409d33bfac127ca7128299c58deef27c52eaa1b1f0
turbo-cache-controlno-preview
diff-viewunified
go-importgithub.com/commitizen-tools/commitizen git https://github.com/commitizen-tools/commitizen.git
octolytics-dimension-user_id62252524
octolytics-dimension-user_logincommitizen-tools
octolytics-dimension-repository_id106127589
octolytics-dimension-repository_nwocommitizen-tools/commitizen
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id106127589
octolytics-dimension-repository_network_root_nwocommitizen-tools/commitizen
turbo-body-classeslogged-out env-production page-responsive full-width
disable-turbotrue
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
releaseea9187571e3edc5f2780f750631138669441ca50
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/commitizen-tools/commitizen/pull/1983/files#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fcommitizen-tools%2Fcommitizen%2Fpull%2F1983%2Ffiles
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fcommitizen-tools%2Fcommitizen%2Fpull%2F1983%2Ffiles
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow%2Ffiles&source=header-repo&source_repo=commitizen-tools%2Fcommitizen
Reloadhttps://github.com/commitizen-tools/commitizen/pull/1983/files
Reloadhttps://github.com/commitizen-tools/commitizen/pull/1983/files
Reloadhttps://github.com/commitizen-tools/commitizen/pull/1983/files
Please reload this pagehttps://github.com/commitizen-tools/commitizen/pull/1983/files
commitizen-tools https://github.com/commitizen-tools
commitizenhttps://github.com/commitizen-tools/commitizen
Please reload this pagehttps://github.com/commitizen-tools/commitizen/pull/1983/files
Notifications https://github.com/login?return_to=%2Fcommitizen-tools%2Fcommitizen
Fork 344 https://github.com/login?return_to=%2Fcommitizen-tools%2Fcommitizen
Star 3.5k https://github.com/login?return_to=%2Fcommitizen-tools%2Fcommitizen
Code https://github.com/commitizen-tools/commitizen
Issues 116 https://github.com/commitizen-tools/commitizen/issues
Pull requests 45 https://github.com/commitizen-tools/commitizen/pulls
Discussions https://github.com/commitizen-tools/commitizen/discussions
Actions https://github.com/commitizen-tools/commitizen/actions
Projects https://github.com/commitizen-tools/commitizen/projects
Security and quality 0 https://github.com/commitizen-tools/commitizen/security
Insights https://github.com/commitizen-tools/commitizen/pulse
Code https://github.com/commitizen-tools/commitizen
Issues https://github.com/commitizen-tools/commitizen/issues
Pull requests https://github.com/commitizen-tools/commitizen/pulls
Discussions https://github.com/commitizen-tools/commitizen/discussions
Actions https://github.com/commitizen-tools/commitizen/actions
Projects https://github.com/commitizen-tools/commitizen/projects
Security and quality https://github.com/commitizen-tools/commitizen/security
Insights https://github.com/commitizen-tools/commitizen/pulse
Sign up for GitHub https://github.com/signup?return_to=%2Fcommitizen-tools%2Fcommitizen%2Fissues%2Fnew%2Fchoose
terms of servicehttps://docs.github.com/terms
privacy statementhttps://docs.github.com/privacy
Sign inhttps://github.com/login?return_to=%2Fcommitizen-tools%2Fcommitizen%2Fissues%2Fnew%2Fchoose
bearomorphismhttps://github.com/bearomorphism
commitizen-tools:masterhttps://github.com/commitizen-tools/commitizen/tree/master
bearomorphism:fix/1772-anchor-bump-pattern-to-titlehttps://github.com/bearomorphism/commitizen/tree/fix/1772-anchor-bump-pattern-to-title
Conversation 5 https://github.com/commitizen-tools/commitizen/pull/1983
Commits 2 https://github.com/commitizen-tools/commitizen/pull/1983/commits
Checks 20 https://github.com/commitizen-tools/commitizen/pull/1983/checks
Files changed 2 https://github.com/commitizen-tools/commitizen/pull/1983/files
fix(bump): only consider commit titles when matching bump patterns https://github.com/commitizen-tools/commitizen/pull/1983/files#top
Show all changes 2 commits https://github.com/commitizen-tools/commitizen/pull/1983/files
38b02dc fix(bump): only consider commit titles when matching bump patterns bearomorphism May 9, 2026 https://github.com/commitizen-tools/commitizen/pull/1983/commits/38b02dc976c90704d1dbb0a45785e501917208c1
91cfb94 test(bump): remove zero-width space from DEPENDABOT_BODY fixture bearomorphism May 9, 2026 https://github.com/commitizen-tools/commitizen/pull/1983/commits/91cfb946f9b5fe8029fe3d5aadcb2ed333b7fb43
Clear filters https://github.com/commitizen-tools/commitizen/pull/1983/files
Please reload this pagehttps://github.com/commitizen-tools/commitizen/pull/1983/files
Please reload this pagehttps://github.com/commitizen-tools/commitizen/pull/1983/files
bump.py https://github.com/commitizen-tools/commitizen/pull/1983/files#diff-ed9bead31489109a8441fbfb00d2ddec00198489b0702bab164825c2d3bd9b4f
test_bump_find_increment.py https://github.com/commitizen-tools/commitizen/pull/1983/files#diff-5cfb403682fbe28d06bdc40f70752abed5558fd98bb81d15e8afd9d32a15a8c0
commitizen/bump.pyhttps://github.com/commitizen-tools/commitizen/pull/1983/files#diff-ed9bead31489109a8441fbfb00d2ddec00198489b0702bab164825c2d3bd9b4f
View file https://github.com/commitizen-tools/commitizen/blob/91cfb946f9b5fe8029fe3d5aadcb2ed333b7fb43/commitizen/bump.py
Open in desktop https://desktop.github.com
https://github.co/hiddenchars
https://github.com/commitizen-tools/commitizen/pull/1983/{{ revealButtonHref }}
https://github.com/commitizen-tools/commitizen/pull/1983/files#diff-ed9bead31489109a8441fbfb00d2ddec00198489b0702bab164825c2d3bd9b4f
https://github.com/commitizen-tools/commitizen/pull/1983/files#diff-ed9bead31489109a8441fbfb00d2ddec00198489b0702bab164825c2d3bd9b4f
tests/test_bump_find_increment.pyhttps://github.com/commitizen-tools/commitizen/pull/1983/files#diff-5cfb403682fbe28d06bdc40f70752abed5558fd98bb81d15e8afd9d32a15a8c0
View file https://github.com/commitizen-tools/commitizen/blob/91cfb946f9b5fe8029fe3d5aadcb2ed333b7fb43/tests/test_bump_find_increment.py
Open in desktop https://desktop.github.com
https://github.co/hiddenchars
https://github.com/commitizen-tools/commitizen/pull/1983/{{ revealButtonHref }}
https://github.com/commitizen-tools/commitizen/pull/1983/files#diff-5cfb403682fbe28d06bdc40f70752abed5558fd98bb81d15e8afd9d32a15a8c0
Please reload this pagehttps://github.com/commitizen-tools/commitizen/pull/1983/files
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.