fix(bump): only consider commit titles when matching bump patterns

`find_increment` previously scanned every line of every commit message
when looking for the conventional-commits type token. Auto-generated
commit bodies (notably Dependabot PR descriptions that quote upstream
changelog lines like `fix: ...`) frequently contain text that matches
the bump pattern even though no in-repo change of that type happened.
The result was false-positive `PATCH` bumps on plain `ci:` commits
(#1772).

Restrict type-pattern matching to the commit title (the first line),
where the conventional-commits type lives. The body is still scanned,
but only for `BREAKING CHANGE:` / `BREAKING-CHANGE:` footers, which
the spec places there. Other body lines no longer drive the increment.

Closes #1772

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: bearomorphism

commitizen/bump.py

@@ -34,7 +34,20 @@ def find_increment(
     increment: str | None = None
 
     for commit in commits:
-        for message in commit.message.split("\n"):
+        # We only consider:
+        #   * the commit title (the first line, where the commit type lives), and
+        #   * lines in the body that are a ``BREAKING CHANGE:`` /
+        #     ``BREAKING-CHANGE:`` footer (per the Conventional Commits spec).
+        # Scanning every body line for type-prefixed text matches generated
+        # commit bodies (e.g. Dependabot quoting an upstream changelog with a
+        # ``fix:`` line) and produces false-positive bumps -- see #1772.
+        candidate_lines = [commit.title]
+        for body_line in commit.body.split("\n"):
+            stripped = body_line.lstrip()
+            if stripped.startswith(("BREAKING CHANGE:", "BREAKING-CHANGE:")):
+                candidate_lines.append(stripped)
+
+        for message in candidate_lines:
             result = select_pattern.search(message)
 
             if result:

tests/test_bump_find_increment.py

@@ -122,3 +122,51 @@ def test_find_increment_sve(messages, expected_type):
         commits, regex=semantic_version_pattern, increments_map=semantic_version_map
     )
     assert increment_type == expected_type
+
+
+# Mimics the dependabot pull request body that triggered #1772: a ``ci:``
+# title with a commit body that quotes upstream changelog lines, including
+# ``fix: ...`` text. None of the body lines should bump the version.
+DEPENDABOT_BODY = (
+    "Bumps actions/upload-artifact from 5 to 6.\n"
+    "<details>\n"
+    "<summary>Commits</summary>\n"
+    "<ul>\n"
+    '<li><a href="...">b5b1a91</a>\n'
+    "fix: update <code>@​actions/artifact</code> to ^5.0.0 for Node.js 24\n"
+    "punycode fix</li>\n"
+    '<li><a href="...">5f643d3</a>\n'
+    "chore: update license files</li>\n"
+    "</ul>\n"
+    "</details>\n"
+)
+
+
+def test_find_increment_ignores_type_tokens_in_commit_body():
+    """Regression test for #1772: a ``ci:`` commit whose body lists upstream
+    commit messages -- including ones that look like ``fix:`` -- must not
+    trigger a PATCH bump. Only the title's commit type counts."""
+    commit = GitCommit(rev="test", title="ci: bump dep", body=DEPENDABOT_BODY)
+    increment_type = bump.find_increment(
+        [commit],
+        regex=ConventionalCommitsCz.bump_pattern,
+        increments_map=ConventionalCommitsCz.bump_map,
+    )
+    assert increment_type is None
+
+
+def test_find_increment_still_honors_breaking_change_in_body():
+    """The ``BREAKING CHANGE:`` / ``BREAKING-CHANGE:`` footer in a commit body
+    must still trigger a MAJOR bump even after the #1772 fix; only commit
+    *types* are now restricted to the title."""
+    commit = GitCommit(
+        rev="test",
+        title="feat: new user interface",
+        body="some body content\n\nBREAKING CHANGE: age is no longer supported",
+    )
+    increment_type = bump.find_increment(
+        [commit],
+        regex=ConventionalCommitsCz.bump_pattern,
+        increments_map=ConventionalCommitsCz.bump_map,
+    )
+    assert increment_type == "MAJOR"