chore: add shared renovate config with version bumping by lawrence-u10d · Pull Request #531 · Unstructured-IO/unstructured-api

lawrence-u10d · 2025-12-24T20:56:04Z

Summary

Adds renovate.json5 extending shared Unstructured config
Enables security-only dependency updates (Python, Docker, GitHub Actions)
Includes automatic version bumping and CHANGELOG updates on security fixes

Test plan

Verify Renovate picks up config and creates dependency dashboard
Test version bump script locally with mock changes

🤖 Generated with Claude Code

Note

Sets up Renovate with security-only Python dependency updates and automates release/versioning on those PRs.

Adds renovate.json5 extending shared config; for pypi vulnerability alerts runs scripts/renovate-security-bump.sh with VERSION_FILE=prepline_general/api/__version__.py, filtering changes to version file and CHANGELOG.md
New bash script: detects version source (__version__.py or pyproject.toml), reads current version, strips -dev or bumps patch, writes back, and updates CHANGELOG.md
Auto-detects changed packages from requirements/*.txt|*.in, uv.lock, or pyproject.toml and inserts a concise "Security update" entry, respecting existing changelog header/subsection styles

^{Written by Cursor Bugbot for commit 64ce590. This will update automatically on new commits. Configure here.}

- Extends shared Unstructured renovate config for security-only dependency updates - Includes version bumping script for automatic version and CHANGELOG updates 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

scripts/renovate-security-bump.sh

Syncs script with latest version from renovate-config that includes: - shfmt formatting (2-space indents) - pyproject.toml versioning support 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

scripts/renovate-security-bump.sh

- PEP 508 compliant package name regex (supports dots) - Detection for requirements/*.in files - Detection for pyproject.toml dependencies - Better logging of detected packages 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

scripts/renovate-security-bump.sh

🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

scripts/renovate-security-bump.sh

- Use portable sed for pyproject version extraction (avoid \x27) - Discard trailing content in pyproject version extraction - Include detected packages in changelog entries - Prevent substring match of CHANGELOG dev version header 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Script now detects CHANGELOG format (brackets, subsections) and adapts output accordingly. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

scripts/renovate-security-bump.sh

🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>