diff --git a/lib/pull_request.rb b/lib/pull_request.rb
index 0a3cf86..1fd66c2 100644
--- a/lib/pull_request.rb
+++ b/lib/pull_request.rb
@@ -99,6 +99,10 @@ def head_commit
     @head_commit ||= GitHubClient.instance.commit("alphagov/#{@api_response.base.repo.name}", @api_response.head.sha)
   end
 
+  def commit_message
+    head_commit.commit.message if head_commit
+  end
+
   def gemfile_lock_changes
     head_commit.files.find { |file| file.filename == "Gemfile.lock" }.patch
   end
@@ -125,14 +129,32 @@ def tell_dependency_manager_what_dependencies_are_allowed
   end
 
   def tell_dependency_manager_what_dependabot_is_changing
+    dependency_updates = commit_message.scan(/Updates `(\w+)` from (\d+\.\d+\.\d+) to (\d+\.\d+\.\d)/)
+
+    # Commit messages can have different formats
+    if dependency_updates.empty?
+      dependency_updates = commit_message.scan(/Bump (?:\[.*?\]\(.+?\) )?(\w+) from (\d+\.\d+\.\d+) to (\d+\.\d+\.\d)/)
+    end
+
+    mentioned_dependencies = {}
+
+    dependency_updates.each do |name, from_version, to_version|
+      mentioned_dependencies[name] = [from_version, to_version]
+    end
+
     lines_removed = gemfile_lock_changes.scan(/^-\s+([a-z\-_]+) \(([0-9.]+)\)$/)
     lines_added = gemfile_lock_changes.scan(/^\+\s+([a-z\-_]+) \(([0-9.]+)\)$/)
 
     lines_removed.each do |name, version|
-      dependency_manager.remove_dependency(name:, version:)
+      if mentioned_dependencies.key?(name) && mentioned_dependencies[name][0] == version
+        dependency_manager.remove_dependency(name:, version:)
+      end
     end
+
     lines_added.each do |name, version|
-      dependency_manager.add_dependency(name:, version:)
+      if mentioned_dependencies.key?(name) && mentioned_dependencies[name][1] == version
+        dependency_manager.add_dependency(name:, version:)
+      end
     end
   end
 end
diff --git a/spec/lib/pull_request_spec.rb b/spec/lib/pull_request_spec.rb
index 43b16fc..cab71ed 100644
--- a/spec/lib/pull_request_spec.rb
+++ b/spec/lib/pull_request_spec.rb
@@ -4,6 +4,25 @@
 RSpec.describe PullRequest do
   before { set_up_mock_token }
 
+  def fake_commit
+    <<~TEXT
+      Bump govuk_publishing_components from 35.7.0 to 35.8.0
+
+      Bumps [govuk_publishing_components](https://github.com/alphagov/govuk_publishing_components) from 35.7.0 to 35.8.0.
+      - [Changelog](https://github.com/alphagov/govuk_publishing_components/blob/main/CHANGELOG.md)
+      - [Commits](alphagov/govuk_publishing_components@v35.7.0...v35.8.0)
+
+      ---
+      updated-dependencies:
+      - dependency-name: govuk_publishing_components
+        dependency-type: direct:production
+        update-type: version-update:semver-minor
+      ...
+
+      Signed-off-by: dependabot[bot] <support@github.com>
+    TEXT
+  end
+
   let(:repo_name) { "foo" }
   let(:sha) { "ee241dea8da11aff8e575941c138a7f34ddb1a51" }
   let(:pull_request_api_response) do
@@ -40,6 +59,7 @@
         author: {
           name: "dependabot[bot]",
         },
+        message: fake_commit,
       },
       author: {
         login: "dependabot[bot]",
@@ -318,6 +338,7 @@ def create_mock_dependency_manager
       dependency_manager = double("DependencyManager")
       api_response = "foo"
       pull_request = PullRequest.new(api_response, dependency_manager)
+      allow(pull_request).to receive(:commit_message).and_return(fake_commit)
       allow(pull_request).to receive(:gemfile_lock_changes).and_return(
         <<~GEMFILE_LOCK_DIFF,
           govuk_personalisation (0.13.0)