fix: address jaraco CVE (#4198)
`jaraco-context` was being flagged as having CVE GHSA-58pv-8j8x-9vj2 in
our container. This is fixed in version 6.1.0, but the vulnerable
version of `jaraco-context` is vendored in the latest version of
`setuptools`. Thus a simple upgrade in the requirements won't work,
since `jaraco-context` isn't managed by `pip`.
The solution used here is to uninstall `setuptools` after it's needed. A
complication was that there were 4(!) versions of Python installed in
the image. So uninstalling `setuptools` in Python 3.12 was not clearing
the CVE flag since it was also installed in Python 3.13. So this PR also
removes the other Python versions.
Validate this PR by observing no CVEs associated with `jaraco-context`
appear in the docker scan.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Addresses container CVE and streamlines the image.
>
> - **Security:** Uninstalls `setuptools` (removing vendored
`jaraco.context`) in `Dockerfile` to resolve `GHSA-58pv-8j8x-9vj2`
> - Removes unused Python versions (`3.10`, `3.11`, `3.13`) so CVE
removal applies uniformly across interpreters
> - Updates version to `0.18.30-dev3` in `unstructured/__version__.py`
and adds changelog entry noting the CVE resolution
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
fe64d0ecb56c73ced99b83516ab09dfde69818eb. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
