feat: add automatic version bumping for security updates (#4145)
Add version bumping script and enable postUpgradeTasks for Python
security updates via Renovate.
Changes:
- Add scripts/renovate-security-bump.sh from renovate-config repo
- Configure postUpgradeTasks in renovate.json5 to run the script
- Script automatically bumps version and updates CHANGELOG on security
fixes
When Renovate creates a Python security update PR, it will now:
1. Detect changed dependencies
2. Bump patch version (or release current -dev version)
3. Add security fix entry to CHANGELOG.md
4. Include version and CHANGELOG changes in the PR
🤖 Generated with [Claude Code](https://claude.com/claude-code)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Automates release housekeeping for Python security updates via
Renovate.
>
> - Adds `scripts/renovate-security-bump.sh` to bump
`unstructured/__version__.py` (strip `-dev` or increment patch), detect
changed dependencies, and append a security entry to `CHANGELOG.md`
> - Updates `renovate.json5` to run the script as a `postUpgradeTasks`
step for `pypi` vulnerability alerts on the PR branch
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
7be1a7ce7b1117761aed030638d53edad618099d. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
---------
Co-authored-by: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
unstructured
100f6f57 - feat: add automatic version bumping for security updates (#4145)
