Scheduled weekly dependency update for week 12

[pyup-bot]

Update requests from 2.27.1 to 2.32.5.

Changelog

2.32.5

-------------------

**Bugfixes**

- The SSLContext caching feature originally introduced in 2.32.0 has created
a new class of issues in Requests that have had negative impact across a number
of use cases. The Requests team has decided to revert this feature as long term
maintenance of it is proving to be unsustainable in its current iteration.

**Deprecations**
- Added support for Python 3.14.
- Dropped support for Python 3.8 following its end of support.

2.32.4

-------------------

**Security**
- CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted
environment will retrieve credentials for the wrong hostname/machine from a
netrc file.

**Improvements**
- Numerous documentation improvements

**Deprecations**
- Added support for pypy 3.11 for Linux and macOS.
- Dropped support for pypy 3.9 following its end of support.

2.32.3

-------------------

**Bugfixes**
- Fixed bug breaking the ability to specify custom SSLContexts in sub-classes of
HTTPAdapter. (6716)
- Fixed issue where Requests started failing to run on Python versions compiled
without the `ssl` module. (6724)

2.32.2

-------------------

**Deprecations**
- To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed `_get_connection` to
a new public API, `get_connection_with_tls_context`. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
`get_connection` is considered deprecated in all versions of Requests>=2.32.0.

A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (6710)

2.32.1

-------------------

**Bugfixes**
- Add missing test certs to the sdist distributed on PyPI.

2.32.0

-------------------

**Security**
- Fixed an issue where setting `verify=False` on the first request from a
Session will cause subsequent requests to the _same origin_ to also ignore
cert verification, regardless of the value of `verify`.
(https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56)

**Improvements**
- `verify=True` now reuses a global SSLContext which should improve
request time variance between first and subsequent requests. It should
also minimize certificate load time on Windows systems when using a Python
version built with OpenSSL 3.x. (6667)
- Requests now supports optional use of character detection
(`chardet` or `charset_normalizer`) when repackaged or vendored.
This enables `pip` and other projects to minimize their vendoring
surface area. The `Response.text()` and `apparent_encoding` APIs
will default to `utf-8` if neither library is present. (6702)

**Bugfixes**
- Fixed bug in length detection where emoji length was incorrectly
calculated in the request content-length. (6589)
- Fixed deserialization bug in JSONDecodeError. (6629)
- Fixed bug where an extra leading `/` (path separator) could lead
urllib3 to unnecessarily reparse the request URI. (6644)

**Deprecations**

- Requests has officially added support for CPython 3.12 (6503)
- Requests has officially added support for PyPy 3.9 and 3.10 (6641)
- Requests has officially dropped support for CPython 3.7 (6642)
- Requests has officially dropped support for PyPy 3.7 and 3.8 (6641)

**Documentation**
- Various typo fixes and doc improvements.

**Packaging**
- Requests has started adopting some modern packaging practices.
The source files for the projects (formerly `requests`) is now located
in `src/requests` in the Requests sdist. (6506)
- Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system
using `hatchling`. This should not impact the average user, but extremely old
versions of packaging utilities may have issues with the new packaging format.

2.31.0

-------------------

**Security**
- Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
forwarding of `Proxy-Authorization` headers to destination servers when
following HTTPS redirects.

When proxies are defined with user info (`https://user:passproxy:8080`), Requests
will construct a `Proxy-Authorization` header that is attached to the request to
authenticate with the proxy.

In cases where Requests receives a redirect response, it previously reattached
the `Proxy-Authorization` header incorrectly, resulting in the value being
sent through the tunneled connection to the destination server. Users who rely on
defining their proxy credentials in the URL are *strongly* encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
credentials once the change has been fully deployed.

Users who do not use a proxy or do not supply their proxy credentials through
the user information portion of their proxy URL are not subject to this
vulnerability.

Full details can be read in our [Github Security Advisory](https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q)
and [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681).

2.30.0

-------------------

**Dependencies**
- ⚠️ Added support for urllib3 2.0. ⚠️

This may contain minor breaking changes so we advise careful testing and
reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html
prior to upgrading.

Users who wish to stay on urllib3 1.x can pin to `urllib3<2`.

2.29.0

-------------------

**Improvements**

- Requests now defers chunked requests to the urllib3 implementation to improve
standardization. (6226)
- Requests relaxes header component requirements to support bytes/str subclasses. (6356)

2.28.2

-------------------

**Dependencies**

- Requests now supports charset\_normalizer 3.x. (6261)

**Bugfixes**

- Updated MissingSchema exception to suggest https scheme rather than http. (6188)

2.28.1

-------------------

**Improvements**

- Speed optimization in `iter_content` with transition to `yield from`. (6170)

**Dependencies**

- Added support for chardet 5.0.0 (6179)
- Added support for charset-normalizer 2.1.0 (6169)

2.28.0

-------------------

**Deprecations**

- ⚠️ Requests has officially dropped support for Python 2.7. ⚠️ (6091)
- Requests has officially dropped support for Python 3.6 (including pypy3.6). (6091)

**Improvements**

- Wrap JSON parsing issues in Request's JSONDecodeError for payloads without
an encoding to make `json()` API consistent. (6097)
- Parse header components consistently, raising an InvalidHeader error in
all invalid cases. (6154)
- Added provisional 3.11 support with current beta build. (6155)
- Requests got a makeover and we decided to paint it black. (6095)

**Bugfixes**

- Fixed bug where setting `CURL_CA_BUNDLE` to an empty string would disable
cert verification. All Requests 2.x versions before 2.28.0 are affected. (6074)
- Fixed urllib3 exception leak, wrapping `urllib3.exceptions.SSLError` with
`requests.exceptions.SSLError` for `content` and `iter_content`. (6057)
- Fixed issue where invalid Windows registry entries caused proxy resolution
to raise an exception rather than ignoring the entry. (6149)
- Fixed issue where entire payload could be included in the error message for
JSONDecodeError. (6036)

Links

• PyPI: https://pypi.org/project/requests
• Changelog: https://data.safetycli.com/changelogs/requests/
• Docs: https://requests.readthedocs.io

Update webrequest from 0.0.78 to 0.1.0.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/webrequest
• Repo: https://github.com/fake-name/WebRequest

Update setproctitle from 1.2.2 to 1.3.7.

Changelog

1.3.7

-------------

- Add support for Python 3.14 (issue 152).

1.3.6

-------------

- Add support for free-threading (issue 147).

1.3.5

-------------

- Fix bouncing Dock icon on macOS (issue 143).
- Fix building on C23 compilers (issue 145).

1.3.4

-------------

- Add support for Python 3.13 (issue 139).
- Drop support for Python 3.7.

1.3.3

-------------

- Add support for Python 3.12.
- Fix package metadata to include Python 3.11, 3.12.

1.3.2

-------------

- Restore import-time initialization of macOS to avoid crash on thread+fork
(issue 113).

1.3.1

-------------

- Fixed segfault on macOS 12.5 in forked processes (issue 111).
Note that, as a workaround, Activity Monitor will show the title of the
parent.

1.3.0

-------------

- Added fallback no-op implementation if building the extension fails.
- Added support for displaying title as the process name in MacOS Activity
Monitor (issue 10).
- Fixed "Symbol not found: _Py_GetArgcArgv" error when using Xcode provided
Python (issues 82, 103).
- Fixed FreeBSD support, broken in 1.2 (issue 94).
- Added package type annotations (issue 101).
- Dropped support for Python 3.6.

1.2.3

-------------

- Added Python 3.10 packages (issue 102).
- Added Wheel packages for macOS (issue 96).
- Package build moved to cibuildwheel, other wheels provided (issue 47).

Links

• PyPI: https://pypi.org/project/setproctitle
• Changelog: https://data.safetycli.com/changelogs/setproctitle/
• Repo: https://github.com/dvarrazzo/py-setproctitle

Update tqdm from 4.62.3 to 4.67.3.

Changelog

4.67.3

- fix py3.7 dependencies (1706 <- 1705)

4.67.2

- support `pandas>=3` (1703 <- 1701, 1650, 1700)
- fix `format_interval` for negative numbers (1703)
- misc linting
- framework updates (1704)
+ bump CI workflow & `pre-commit` dependencies
+ add `pyupgrade`
+ add py3.13 support
+ fix py3.7 tests
+ update `setuptools-scm` usage
+ support auto-dedented docstrings when building docs in py3.13
- tests: relax flaky benchmarks

4.67.1

- fix `gui` (`matplotlib` syntax) (1629)
- misc test & framework updates
- bump `pytest-asyncio` (1630)
- fix `codecov` rate limit
- fix pybuild
- sync dependencies

4.67.0

- `contrib.discord`: replace `disco-py` with `requests` (1536)

4.66.6

- cli: zip-safe `--manpath`, `--comppath` (1627)
- misc framework updates (1627)
+ fix `pytest` `DeprecationWarning`
+ fix `snapcraft` build
+ fix `nbval` `DeprecationWarning`
+ update & tidy workflows
+ bump pre-commit
+ docs: update URLs

4.66.5

- support `ncols` auto-detection on FreeBSD (1602 <- https://github.com/casperdcl/git-fame/issues/98)
- fix Python 3.13 CLI (1594 <- 1585)
- fix Python 3.13 tests (1595 <- https://github.com/python/cpython/issues/117536#issuecomment-2036883124)
- misc framework updates (1602)
+ add official Python 3.12 support
+ bump deps (https://github.com/NiklasRosenstein/pydoc-markdown/issues/329, https://github.com/tikitu/jsmin/pull/44)

4.66.4

- `rich`: fix completion (1395 <- 1306)
- minor framework updates & code tidy (1578)

4.66.3

- `cli`: `eval` safety (fixes CVE-2024-34062, GHSA-g7vv-2v7x-gj9p)

4.66.2

- `pandas`: add `DataFrame.progress_map` (1549)
- `notebook`: fix HTML padding (1506)
- `keras`: fix resuming training when `verbose>=2` (1508)
- fix `format_num` negative fractions missing leading zero (1548)
- fix Python 3.12 `DeprecationWarning` on `import` (1519)
- linting: use f-strings (1549)
- update tests (1549)
+ fix `pandas` warnings
+ fix `asv` (https://github.com/airspeed-velocity/asv/issues/1323)
+ fix macos `notebook` docstring indentation
- CI: bump actions (1549)

4.66.1

- fix `utils.envwrap` types (1493 <- 1491, 1320 <- 966, 1319)
+ e.g. cloudwatch & kubernetes workaround: `export TQDM_POSITION=-1`
- drop mentions of unsupported Python versions

4.66.0

- environment variables to override defaults (`TQDM_*`) (1491 <- 1061, 950 <- 614, 1318, 619, 612, 370)
+ e.g. in CI jobs, `export TQDM_MININTERVAL=5` to avoid log spam
+ add tests & docs for `tqdm.utils.envwrap`
- fix & update CLI completion
- fix & update API docs
- minor code tidy: replace `os.path` => `pathlib.Path`
- fix docs image hosting
- release with CI bot account again (https://github.com/cli/cli/issues/6680)

4.65.2

- exclude `examples` from distributed wheel (1492)

4.65.1

- migrate `setup.{cfg,py}` => `pyproject.toml` (1490)
+ fix `asv` benchmarks
+ update docs
- fix snap build (1490)
- fix & update tests (1490)
+ fix flaky notebook tests
+ bump `pre-commit`
+ bump workflow actions

4.65.0

- add Python 3.11 and drop Python 3.6 support (1439, 1419, 502 <- 720, 620)
- misc code & docs tidy
- fix & update CI workflows & tests

4.64.1

- support `ipywidgets>=8`  (1366, 1361 <- 1310, 1359, 1360, 1364)
+ fix jupyter lab display
+ update notebook tests

4.64.0

- add `contrib.slack` (1313)

4.63.2

- `rich`: expose `options` kwargs (1282)
- `autonotebook`: re-enable VSCode (1309)
- misc docs typos (1301, 1299)
- update dev dependencies (1311)

4.63.1

- fix stderr/stdout missing `flush()` (1248 <- 1177)
- misc speed improvements/optimisations

4.63.0

- add `__reversed__()`
- add efficient `__contains__()`
- improve CLI startup time (replace `pkg_resources` => `importlib`)
- `tqdm.autonotebook` warning & `std` fallback on missing `ipywidgets` (1218 <- 1082, 1217)
- warn on positional CLI arguments
- misc build/test framework updates
+ enable `py3.10` tests
+ add `conda` dependencies
+ update pre-commit hooks
+ fix `pytest` config (`nbval`, `asyncio`)
+ fix dependencies & tests
+ fix site deployment

Links

• PyPI: https://pypi.org/project/tqdm
• Changelog: https://data.safetycli.com/changelogs/tqdm/

Update chardet from 4.0.0 to 7.2.0.

Changelog

7.2.0

-------------------

**Features:**

- Added ``include_encodings`` and ``exclude_encodings`` parameters to
:func:`~chardet.detect`, :func:`~chardet.detect_all`, and
:class:`~chardet.UniversalDetector` — restrict or exclude specific
encodings from the candidate set, with corresponding
``-i``/``--include-encodings`` and ``-x``/``--exclude-encodings``
CLI flags
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`343 <https://github.com/chardet/chardet/pull/343>`_)
- Added ``no_match_encoding`` (default ``"cp1252"``) and
``empty_input_encoding`` (default ``"utf-8"``) parameters — control
which encoding is returned when no candidate survives the pipeline or
the input is empty, with corresponding CLI flags
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`343 <https://github.com/chardet/chardet/pull/343>`_)
- Added ``-l``/``--language`` flag to ``chardetect`` CLI — shows the
detected language (ISO 639-1 code and English name) alongside the encoding
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`342 <https://github.com/chardet/chardet/pull/342>`_)

7.1.0

-------------------

**Features:**

- Added PEP 263 encoding declaration detection — `` -*- coding: ... -*-``
and `` coding=...`` declarations on lines 1–2 of Python source files are
now recognized with confidence 0.95
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`249 <https://github.com/chardet/chardet/issues/249>`_)
- Added ``chardet.universaldetector`` backward-compatibility stub so that
``from chardet.universaldetector import UniversalDetector`` works with a
deprecation warning
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`341 <https://github.com/chardet/chardet/issues/341>`_)

**Fixes:**

- Fixed false UTF-7 detection of ASCII text containing ``++`` or ``+word``
patterns
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`332 <https://github.com/chardet/chardet/issues/332>`_,
`335 <https://github.com/chardet/chardet/pull/335>`_)
- Fixed 0.5s startup cost on first ``detect()`` call — model norms are now
computed during loading instead of lazily iterating 21M entries
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`333 <https://github.com/chardet/chardet/issues/333>`_,
`336 <https://github.com/chardet/chardet/pull/336>`_)
- Fixed undocumented encoding name changes between chardet 5.x and 7.0 —
``detect()`` now returns chardet 5.x-compatible names by default
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`338 <https://github.com/chardet/chardet/pull/338>`_)
- Improved ISO-2022-JP family detection — recognizes ESC sequences for
ISO-2022-JP-2004 (JIS X 0213) and ISO-2022-JP-EXT (JIS X 0201 Kana)
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Fixed silent truncation of corrupt model data (``iter_unpack`` yielded
fewer tuples instead of raising)
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Fixed incorrect date in LICENSE
(`Dan Blanchard <https://github.com/dan-blanchard>`_)

**Performance:**

- 5.5x faster first-detect time (~0.42s → ~0.075s) by computing model
norms as a side-product of ``load_models()``
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- ~40% faster model parsing via ``struct.iter_unpack`` for bulk entry
extraction (eliminates ~305K individual ``unpack`` calls)
(`Dan Blanchard <https://github.com/dan-blanchard>`_)

**New API parameters:**

- Added ``compat_names`` parameter (default ``True``) to
:func:`~chardet.detect`, :func:`~chardet.detect_all`, and
:class:`~chardet.UniversalDetector` — set to ``False`` to get raw Python
codec names instead of chardet 5.x/6.x compatible display names
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Added ``prefer_superset`` parameter (default ``False``) — remaps legacy
ISO/subset encodings to their modern Windows/CP superset equivalents
(e.g., ASCII → Windows-1252, ISO-8859-1 → Windows-1252).
**This will default to ``True`` in the next major version (8.0).**
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Deprecated ``should_rename_legacy`` in favor of ``prefer_superset`` —
a deprecation warning is emitted when used
(`Dan Blanchard <https://github.com/dan-blanchard>`_)

**Improvements:**

- Switched internal canonical encoding names to Python codec names
(e.g., ``"utf-8"`` instead of ``"UTF-8"``), with ``compat_names``
controlling the public output format.  See :doc:`usage` for the full
mapping table.
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Added ``lookup_encoding()`` to ``registry`` for case-insensitive
resolution of arbitrary encoding name input to canonical names
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Achieved 100% line coverage across all source modules (+31 tests)
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Updated benchmark numbers: 98.2% encoding accuracy, 95.2% language
accuracy on 2,510 test files
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Pinned test-data cloning to chardet release version tags for
reproducible builds
(`Dan Blanchard <https://github.com/dan-blanchard>`_)

7.0.1

-------------------

**Fixes:**

- Fixed false UTF-7 detection of SHA-1 git hashes
(`Alex Rembish <https://github.com/rembish>`_,
`324 <https://github.com/chardet/chardet/pull/324>`_)
- Fixed ``_SINGLE_LANG_MAP`` missing aliases for single-language encoding
lookup (e.g., ``big5`` → ``big5hkscs``)
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Fixed PyPy ``TypeError`` in UTF-7 codec handling
(`Dan Blanchard <https://github.com/dan-blanchard>`_)

**Improvements:**

- Retrained bigram models — 24 previously failing test cases now pass
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Updated language equivalences for mutual intelligibility (Slovak/Czech,
East Slavic + Bulgarian, Malay/Indonesian, Scandinavian languages)
(`Dan Blanchard <https://github.com/dan-blanchard>`_)

7.0.0

-------------------

Ground-up, MIT-licensed rewrite of chardet
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`322 <https://github.com/chardet/chardet/pull/322>`_). Same package name,
same public API — drop-in replacement for chardet 5.x/6.x.

**Highlights:**

- **MIT license** (previous versions were LGPL)
- **96.8% accuracy** on 2,179 test files (+2.3pp vs chardet 6.0.0,
+7.7pp vs charset-normalizer)
- **41x faster** than chardet 6.0.0 with mypyc (**28x** pure Python),
**7.5x faster** than charset-normalizer
- **Language detection** for every result (90.5% accuracy across 49
languages)
- **99 encodings** across six eras (MODERN_WEB, LEGACY_ISO, LEGACY_MAC,
LEGACY_REGIONAL, DOS, MAINFRAME)
- **12-stage detection pipeline** — BOM, UTF-16/32 patterns, escape
sequences, binary detection, markup charset, ASCII, UTF-8 validation,
byte validity, CJK gating, structural probing, statistical scoring,
post-processing
- **Bigram frequency models** trained on CulturaX multilingual corpus
data for all supported language/encoding pairs
- **Optional mypyc compilation** — 1.49x additional speedup on CPython
- **Thread-safe** ``detect()`` and ``detect_all()`` with no measurable
overhead; scales on free-threaded Python 3.13t+
- **Negligible import memory** (96 B)
- **Zero runtime dependencies**

6.0.0.post1

-------------------------

- Fixed ``__version__`` not being set correctly in the package
(`Dan Blanchard <https://github.com/dan-blanchard>`_)

6.0.0

-------------------

**Features:**

- Unified single-byte charset detection with proper language-specific
bigram models for all single-byte encodings (replaces ``Latin1Prober``
and ``MacRomanProber`` heuristics)
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- 38 new languages: Arabic, Belarusian, Breton, Croatian, Czech, Danish,
Dutch, English, Esperanto, Estonian, Farsi, Finnish, French, German,
Icelandic, Indonesian, Irish, Italian, Kazakh, Latvian, Lithuanian,
Macedonian, Malay, Maltese, Norwegian, Polish, Portuguese, Romanian,
Scottish Gaelic, Serbian, Slovak, Slovene, Spanish, Swedish, Tajik,
Ukrainian, Vietnamese, Welsh
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- ``EncodingEra`` filtering via new ``encoding_era`` parameter
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- ``max_bytes`` and ``chunk_size`` parameters for ``detect()``,
``detect_all()``, and ``UniversalDetector``
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- ``-e``/``--encoding-era`` CLI flag
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- EBCDIC detection (CP037, CP500)
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Direct GB18030 support (replaces redundant GB2312 prober)
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Binary file detection
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Python 3.12, 3.13, and 3.14 support
(`Hugo van Kemenade <https://github.com/hugovk>`_,
`283 <https://github.com/chardet/chardet/pull/283>`_)
- GitHub Codespaces support
(`oxygen dioxide <https://github.com/oxygen-dioxide>`_,
`312 <https://github.com/chardet/chardet/pull/312>`_)

**Breaking changes:**

- Dropped Python 3.7, 3.8, and 3.9 (requires Python 3.10+)
- Removed ``Latin1Prober`` and ``MacRomanProber``
- Removed EUC-TW support
- Removed ``LanguageFilter.NONE``
- ``detect()`` default changed to ``encoding_era=EncodingEra.MODERN_WEB``

**Fixes:**

- Fixed CP949 state machine
(`nenw* <https://github.com/HelloWorld017>`_,
`268 <https://github.com/chardet/chardet/pull/268>`_)
- Fixed SJIS distribution analysis (second-byte range >= 0x80)
(`Kadir Can Ozden <https://github.com/bysiber>`_,
`315 <https://github.com/chardet/chardet/pull/315>`_)
- Fixed ``max_bytes`` not being passed to ``UniversalDetector``
(`Kadir Can Ozden <https://github.com/bysiber>`_,
`314 <https://github.com/chardet/chardet/pull/314>`_)
- Fixed UTF-16/32 detection for non-ASCII-heavy text
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Fixed GB18030 ``char_len_table``
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Fixed UTF-8 state machine
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Fixed ``detect_all()`` returning inactive probers
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Fixed early cutoff bug
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Updated LGPLv2.1 license text for remote-only FSF address
(`Ben Beasley <https://github.com/musicinmybrain>`_,
`307 <https://github.com/chardet/chardet/pull/307>`_)

5.2.0

-------------------

- Added support for running the CLI via ``python -m chardet``
(`Dan Blanchard <https://github.com/dan-blanchard>`_)

5.1.0

-------------------

- Added ``should_rename_legacy`` argument to remap legacy encoding names
to modern equivalents
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`264 <https://github.com/chardet/chardet/pull/264>`_)
- Added MacRoman encoding prober
(`Elia Robyn Lake <https://github.com/rspeer>`_)
- Added ``--minimal`` flag to ``chardetect`` CLI
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`214 <https://github.com/chardet/chardet/pull/214>`_)
- Added type annotations and mypy CI
(`Jon Dufresne <https://github.com/jdufresne>`_,
`261 <https://github.com/chardet/chardet/pull/261>`_)
- Added support for Python 3.11
(`Hugo van Kemenade <https://github.com/hugovk>`_,
`274 <https://github.com/chardet/chardet/pull/274>`_)
- Added ISO-8859-15 capital letter sharp S handling
(`Simon Waldherr <https://github.com/SimonWaldherr>`_,
`222 <https://github.com/chardet/chardet/pull/222>`_)
- Clarified LGPL version in license trove classifier
(`Ben Beasley <https://github.com/musicinmybrain>`_,
`255 <https://github.com/chardet/chardet/pull/255>`_)
- Removed support for Python 3.6
(`Jon Dufresne <https://github.com/jdufresne>`_,
`260 <https://github.com/chardet/chardet/pull/260>`_)

5.0.0

-------------------

- Added Johab Korean prober
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`207 <https://github.com/chardet/chardet/pull/207>`_)
- Added UTF-16/32 BE/LE probers
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`206 <https://github.com/chardet/chardet/pull/206>`_)
- Added test data for Croatian, Czech, Hungarian, Polish, Slovak,
Slovene, Greek, Turkish
(`Dan Blanchard <https://github.com/dan-blanchard>`_)
- Improved XML tag filtering
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`208 <https://github.com/chardet/chardet/pull/208>`_)
- Made ``detect_all`` return child prober confidences
(`Dan Blanchard <https://github.com/dan-blanchard>`_,
`210 <https://github.com/chardet/chardet/pull/210>`_)
- Added support for Python 3.10
(`Hugo van Kemenade <https://github.com/hugovk>`_,
`232 <https://github.com/chardet/chardet/pull/232>`_)
- Slight performance increase
(`deedy5 <https://github.com/deedy5>`_,
`252 <https://github.com/chardet/chardet/pull/252>`_)
- Dropped Python 2.7, 3.4, 3.5 (requires Python 3.6+)

Links

• PyPI: https://pypi.org/project/chardet
• Changelog: https://data.safetycli.com/changelogs/chardet/

Update pymysql from 1.0.2 to 1.1.2.

The bot wasn't able to find a changelog for this release. Got an idea?

Links

• PyPI: https://pypi.org/project/pymysql

Update statsd from 3.3.0 to 4.0.1.

Changelog

4.0.1

Fixed

- Updated PyPI trove classifiers for current Python versions.

4.0

Added

- Updates support to Python 3.7 through 3.11.
- Added `close()` method to UDP-based `StatsClient`. (136)

Dropped

- Drops support for Python 2.

Fixed

- Using a timing decorator on an async function should now properly measure the
execution time, instead of counting immediately. See 119.

Links

• PyPI: https://pypi.org/project/statsd
• Changelog: https://data.safetycli.com/changelogs/statsd/

Update xxhash from 2.0.2 to 3.6.0.

Changelog

3.6.0

~~~~~~~~~~~~~~~~~

- Build wheels for Python 3.14
- Python free-threading support
- Typing: Use Buffer type stubs
- Deprecate xxhash.VERSION_TUPLE, it will be removed in the next major release

3.5.0

~~~~~~~~~~~~~~~~~

- Build wheels for Python 3.13

3.4.1

~~~~~~~~~~~~~~~~~

- Build wheels for Python 3.12
- Remove setuptools_scm

3.4.0

~~~~~~~~~~~~~~~~~

*Yanked* due to wheels building problem.

3.3.0

~~~~~~~~~~~~~~~~~

- Upgrade xxHash to v0.8.2
- Drop support for Python 3.6

3.2.0

~~~~~~~~~~~~~~~~~

This is the last version to support Python 3.6

- Build Python 3.11 wheels.
- Remove setup.py test_suites, call unittest directly

3.1.0

~~~~~~~~~~~~~~~~~

- Type annotations.
- Enabled muslinux wheels building.

3.0.0

~~~~~~~~~~~~~~~~~

- New set `algorithms_available` lists all implemented algorithms in `xxhash`
package.
- Upgrade xxHash to v0.8.1.
- Drop support for EOL Python versions, require python >= 3.6 from now on.
- Migrate to github actions and build arm64 wheels for macOS.
- Always release GIL.

Links

• PyPI: https://pypi.org/project/xxhash
• Changelog: https://data.safetycli.com/changelogs/xxhash/
• Repo: https://github.com/ifduyue/python-xxhash

Update objgraph from 3.5.0 to 3.6.2.

Changelog

3.6.2

------------------

- Add support for Python 3.13.

3.6.1

------------------

- Add support for Python 3.12.

3.6.0

------------------

- Add support for Python 3.9, 3.10, and 3.11.

- Drop support for Python 2.7 and 3.6.

Links

• PyPI: https://pypi.org/project/objgraph
• Changelog: https://data.safetycli.com/changelogs/objgraph/
• Homepage: https://mg.pov.lt/objgraph/

Update cssutils from 2.3.1 to 2.11.1.

Changelog

2.11.1

=======

Bugfixes
--------

- Consolidated license to simply LGPL 3. (52)

2.11.0

=======

Features
--------

- Reduced cyclomatic complexity in selector module. (47)

2.10.3

=======

Bugfixes
--------

- Fixed DeprecationWarning with cgi module.

2.10.2

=======

Bugfixes
--------

- Remove optional dependency only required on unsupported Python versions. (48)

2.10.1

=======

Bugfixes
--------

- Replace xunit-style setup with pytest fixtures. (45)

2.10.0

=======

Features
--------

- getPropertyValue now allows specifying a default value. (42)

2.9.0

======

Features
--------

- Made URL fetcher lenient to missing metadata.

2.8.0

======

Features
--------

- Require Python 3.8 or later.


Bugfixes
--------

- Made some unreachable tests reachable.

2.7.1

======

36: Refactored to restore docs builds without warning-errors.

2.7.0

======

35: Updated deprecated usage of ``cgi`` module.

34: Updated deprecated setup/teardown from ``nose`` in tests.

Other miscellaneous cleanup and packaging updates.

2.6.0

======

14: Added support for custom CSS variables with ``--`` prefix.

2.5.1

======

Some refactoring.

2.5.0

======

Substantial code refresh. Ported tests to native pytest.

Enrolled project with Tidelift.

2.4.2

======

24: Added Python 3.11 compatibility to tests.

2.4.1

======

22: Removed ``cssutils.tests.basetest.get_resource_filename``.
21: Cleaned up docs so they build without warnings.

2.4.0

======

Require Python 3.7.

Links

• PyPI: https://pypi.org/project/cssutils
• Changelog: https://data.safetycli.com/changelogs/cssutils/
• Docs: https://pythonhosted.org/cssutils/

Update tinycss2 from 1.1.1 to 1.5.1.

Changelog

1.5.1

- Include parsing tests in source tarball

1.5.0

- Support most of CSS Color Level 5
- Fix tokenizer crash on escaped Dimension units and Function names

1.4.0

* Support CSS Color Level 4

1.3.0

* Support CSS nesting
* Deprecate parse_declaration_list, use parse_blocks_contents instead

1.2.1

* Fix tests included in the source tarball

1.2.0

* Drop support of Python 3.6
* Fix serialization of nested functions with no parameters
* Don’t use pytest plugins by default

Links

• PyPI: https://pypi.org/project/tinycss2
• Changelog: https://data.safetycli.com/changelogs/tinycss2/

Update fontTools from 4.27.1 to 4.62.1.

Changelog

4.62.1

----------------------------

- [feaLib] Extend contextual rule merging to all rule types: single subst, GSUB/GPOS
named lookups, ignore rules, and chained alternate subst (4061).

4.62.0

----------------------------

- [diff] Add new ``fonttools diff`` command for comparing font files, imported from the
``fdiff`` project and heavily reworked (1190, 4007, 4009, 4011, 4013, 4019).
- [feaLib] Fix ``VariableScalar`` interpolation bug with non-linear avar mappings. Also
decouple ``VariableScalar`` from compiled fonts, allowing it to work with designspace data
before compilation (3938, 4054).
- [feaLib] Fix ``VariableScalar`` axis ordering and iterative delta rounding to match fontc
behavior (4053).
- [feaLib] Merge chained multi subst rules with same context into a single subtable instead of
emitting one subtable per glyph (4016, 4058).
- [feaLib] Pass location to ``ConditionsetStatement`` to fix glyphsLib round-tripping
(fontra/fontra-glyphs130, 4057).
- [feaLib] Write ``0xFFFF`` instead of ``0`` for missing nameIDs in ``cv`` feature params
(4010, 4012).
- [cmap] Fix ``CmapSubtable.__lt__()`` ``TypeError`` on Python 3 when subtables share the
same encoding record, and add compile-time validation for unique encoding records (4035,
4055).
- [svgLib] Skip non-element XML nodes (comments, processing instructions) when drawing SVG
paths (4042, 4043).
- [glifLib] Fix regression reading glyph outlines when ``glyphObject=None`` (4030, 4031).
- [pointPen] Fix ``SegmentToPointPen`` edge case: only remove a duplicate final point on
``closePath()`` if it is an on-curve point (4014, 4015).
- [cffLib] **SECURITY** Replace ``eval()`` with ``safeEval()`` in ``parseBlendList()`` to
prevent arbitrary code execution from crafted TTX files (4039, 4040).
- [ttLib] Remove defunct Adobe SING Glyphlet tables (``META``, ``SING``, ``GMAP``, ``GPKG``)
(4044).
- [varLib.interpolatable] Various bugfixes: fix swapped nodeTypes assignment, duplicate
kink-detector condition, typos, CFF2 vsindex parsing, glyph existence check, and plot
helpers (4046).
- [varLib.models] Fix ``getSubModel`` not forwarding ``extrapolate``/``axisRanges``; check
location uniqueness after stripping zeros (4047).
- [varLib] Fix ``--variable-fonts`` filter in ``build_many``; remove dead code and fix
comments (4048).
- [avar] Preserve existing name table in build; keep ``unbuild`` return types consistent;
validate ``map`` CLI coordinates (4051).
- [cu2qu/qu2cu] Add input validation: reject non-positive tolerances, validate curve inputs
and list lengths (4052).
- [colorLib] Raise a clear ``ColorLibError`` when base glyphs are missing from glyphMap,
instead of a confusing ``KeyError`` (4041).
- [glyf] Remove unnecessary ``fvar`` table dependency (4017).
- [fvar/trak] Remove unnecessary ``name`` table dependency (4018).
- [ufoLib] Relax guideline validation to follow the updated spec (3537, 3553).
- [ttFont] Fix ``saveXML`` regression with empty table lists, clarify docstring (4025, 4026,
4056).
- [setup.py] Link ``libm`` for Cython extensions using math functions (4028, 4029).
- Add typing annotations for ``DSIG``, ``DefaultTable``, ``ttProgram`` (4033).

4.61.1

----------------------------

- [otlLib] buildCoverage: return empty Coverage instead of None (4003, 4004).
- [instancer] bug fix in ``avar2`` full instancing (4002).
- [designspaceLib] Preserve empty conditionsets when serializing to XML (4001).
- [fontBu ilder] Fix FontBuilder ``setupOS2()`` default params globally polluted (3996, 3997).
- [ttFont] Add more typing annotations to ttFont, xmlWriter, sfnt, varLib.models and others (3952, 3826).
- Explicitly test and declare support for Python 3.14, even though we were already shipping pre-built wheels for it (3990).

4.61.0

----------------------------

- [varLib.main]: **SECURITY** Only use basename(vf.filename) to prevent path traversal attacks when
running ``fonttools varLib`` command, or code which invokes ``fonttools.varLib.main()``.
Fixes CVE-2025-66034, see:
https://github.com/fonttools/fonttools/security/advisories/GHSA-768j-98cg-p3fv.
- [feaLib] Sort BaseLangSysRecords by tag (3986).
- Drop support for EOL Python 3.9 (3982).
- [instancer] Support --remove-overlaps for fonts with CFF2 table (3975).
- [CFF2ToCFF] Add --remove-overlaps option (3976).
- [feaLib] Raise an error for rsub with NULL target (3979).
- [bezierTools] Fix logic bug in curveCurveIntersections (3963).
- [feaLib] Error when condition sets have the same name (3958).
- [cu2qu.ufo] skip processing empty glyphs to support sparse kerning masters (3956).
- [unicodedata] Update to Unicode 17. Require ``unicodedata2 >= 17.0.0`` when installed with 'unicode' extra.

4.60.2

----------------------------

- **Backport release** Same as 4.61.0 but without "Drop support for EOL Python 3.9" change to allow
downstream projects still on Python 3.9 to avail of the security fix for CVE-2025-66034 (3994, 3999).

4.60.1

----------------------------

- [ufoLib] Reverted accidental method name change in ``UFOReader.getKerningGroupConversionRenameMaps``
that broke compatibility with downstream projects like defcon (3948, 3947, robotools/defcon478).
- [ufoLib] Added test coverage for ``getKerningGroupConversionRenameMaps`` method (3950).
- [subset] Don't try to subset BASE table; pass it through by default instead (3949).
- [subset] Remove empty BaseRecord entries in MarkBasePos lookups (3897, 3892).
- [subset] Add pruning for MarkLigPos and MarkMarkPos lookups (3946).
- [subset] Remove duplicate features when subsetting (3945).
- [Docs] Added documentation for the visitor module (3944).

4.60.0

----------------------------

- [pointPen] Allow ``reverseFlipped`` parameter of ``DecomposingPointPen`` to take a ``ReverseFlipped``
enum value to control whether/how to reverse contour direction of flipped components, in addition to
the existing True/False. This allows to set ``ReverseFlipped.ON_CURVE_FIRST`` to ensure that
the decomposed outline starts with an on-curve point before being reversed, for better consistency
with other segment-oriented contour transformations. The change is backward compatible, and the
default behavior hasn't changed (3934).
- [filterPen] Added ``ContourFilterPointPen``, base pen for buffered contour operations, and
``OnCurveStartPointPen`` filter to ensure contours start with an on-curve point (3934).
- [cu2qu] Fixed difference in cython vs pure-python complex division by real number (3930).
- [varLib.avar] Refactored and added some new sub-modules and scripts (3926).
* ``varLib.avar.build`` module to build avar (and a missing fvar) binaries into a possibly empty TTFont,
* ``varLib.avar.unbuild`` module to print a .designspace snippet that would generate the same avar binary,
* ``varLib.avar.map`` module to take TTFont and do the mapping, in user/normalized space,
* ``varLib.avar.plan`` module moved from ``varLib.avarPlanner``.
The bare ``fonttools varLib.avar`` script is deprecated, in favour of ``fonttools varLib.avar.build`` (or ``unbuild``).
- [interpolatable] Clarify ``linear_sum_assignment`` backend options and minimal dependency
usage (3927).
- [post] Speed up ``build_psNameMapping`` (3923).
- [ufoLib] Added typing annotations to fontTools.ufoLib (3875).

4.59.2

----------------------------

- [varLib] Clear ``USE_MY_METRICS`` component flags when inconsistent across masters (3912).
- [varLib.instancer] Avoid negative advance width/height values when instatiating HVAR/VVAR,
(unlikely in well-behaved fonts) (3918).
- [subset] Fix shaping behaviour when pruning empty mark sets (3915, harfbuzz/harfbuzz5499).
- [cu2qu] Fixed ``dot()`` product of perpendicular vectors not always returning exactly 0.0
in all Python implementations (3911)
- [varLib.instancer] Implemented fully-instantiating ``avar2`` fonts (3909).
- [feaLib] Allow float values in ``VariableScalar``'s axis locations (3906, 3907).
- [cu2qu] Handle special case in ``calc_intersect`` for degenerate cubic curves where 3 to 4
control points are equal (3904).

4.59.1

----------------------------

- [featureVars] Update OS/2.usMaxContext if possible after addFeatureVariationsRaw (3894).
- [vhmtx] raise TTLibError('not enough data...') when hmtx/vmtx are truncated (3843, 3901).
- [feaLib] Combine duplicate features that have the same set of lookups regardless of the order in which those lookups are added to the feature (3895).
- [varLib] Deprecate ``varLib.mutator`` in favor of ``varLib.instancer``. The latter
provides equivalent full (static font) instancing in addition to partial VF instancing.
CLI users should replace ``fonttools varLib.mutator`` with ``fonttools varLib.instancer``.
API users should migrate to ``fontTools.varLib.instancer.instantiateVariableFont`` (2680).

4.59.0

----------------------------

- Removed hard-dependency on pyfilesystem2 (``fs`` package) from ``fonttools[ufo]`` extra.
This is replaced by the `fontTools.misc.filesystem` package, a stdlib-only, drop-in
replacement for the subset of the pyfilesystem2's API used by ``fontTools.ufoLib``.
The latter should continue to work with the upstream ``fs`` (we even test with/without).
Clients who wish to continue using ``fs`` can do so by depending on it directly instead
of via the ``fonttools[ufo]`` extra (3885, 3620).
- [xmlWriter] Replace illegal XML characters (e.g. control or non-characters) with "?"
when dumping to ttx (3868, 71).
- [varLib.hvar] Fixed vertical metrics fields copy/pasta error (3884).
- Micro optimizations in ttLib and sstruct modules (3878, 3879).
- [unicodedata] Add Garay script to RTL_SCRIPTS (3882).
- [roundingPen] Remove unreliable kwarg usage. Argument names aren’t consistent among
point pens’ ``.addComponent()`` implementations, in particular ``baseGlyphName``
vs ``glyphName`` (3880).

4.58.5

----------------------------

- [feaLib] Don't try to combine ligature & multisub rules (3874).
- [feaLib/ast] Use weakref proxies to avoid cycles in visitor (3873).
- [varLib.instancer] Fixed instancing CFF2 fonts where VarData contains more than 64k items (3858).

4.58.4

----------------------------

- [feaLib] Allow for empty MarkFilter & MarkAttach sets (3856).

4.58.3

----------------------------

- [feaLib] Fixed iterable check for Python 3.13.4 and newer (3854, 3855).

4.58.2

----------------------------

- [ttLib.reorderGlyphs] Handle CFF2 when reordering glyphs (3852)
- [subset] Copy name IDs in use before scrapping or scrambling them for webfonts (3853)

4.58.1

----------------------------

- [varLib] Make sure that fvar named instances only reuse name ID 2 or 17 if they are at the default location across all axes, to match OT spec requirement (3831).
- [feaLib] Improve single substitution promotion to multiple/ligature substitutions, fixing a few bugs as well (3849).
- [loggingTools] Make ``Timer._time`` a static method that doesn't take self, makes it easier to override (3836).
- [featureVars] Use ``None`` for empty ConditionSet, which translates to a null offset in the compiled table (3850).
- [feaLib] Raise an error on conflicting ligature substitution rules instead of silently taking the last one (3835).
- Add typing annotations to T2CharStringPen (3837).
- [feaLib] Add single substitutions that were promoted to multiple or ligature substitutions to ``aalt`` feature (3847).
- [featureVars] Create a default ``LangSys`` in a ``ScriptRecord`` if missing when adding feature variations to existing GSUB later in the build (3838).
- [symfont] Added a ``main()``.
- [cffLib.specializer] Fix rmoveto merging when blends used (3839, 3840).
- [pyftmerge] Add support for cmap format 14 in the merge tool (3830).
- [varLib.instancer/cff2] Fix vsindex of Private dicts when instantiating (3828, 3232).
- Update text file read to use UTF-8 with optional BOM so it works with e.g. Windows Notepad.exe (3824).
- [varLib] Ensure that instances only reuse name ID 2 or 17 if they are at the default location across all axes (3831).
- [varLib] Create a dflt LangSys in a ScriptRecord when adding variations later, to fix an avoidable crash in an edge case (3838).

4.58.0

----------------------------

- Drop Python 3.8, require 3.9+ (3819)
- [HVAR, VVAR] Prune unused regions when using a direct mapping (3797)
- [Docs] Improvements to ufoLib documentation (3721)
- [Docs] Improvements to varLib documentation (3727)
- [Docs] Improvements to Pens and pen-module documentation (3724)
- [Docs] Miscellany updates to docs (misc modules and smaller modules) (3730)
- [subset] Close codepoints over BiDi mirror variants. (3801)
- [feaLib] Fix serializing ChainContextPosStatement and
ChainContextSubstStatement in some rare cases (3788)
- [designspaceLib] Clarify user expectations for getStatNames (2892)
- [GVAR] Add support for new `GVAR` table (3728)
- [TSI0, TSI5] Derive number of entries to decompile from data length (2477)
- [ttLib] Fix `AttributeError` when reporting table overflow (3808)
- [ttLib] Apply rounding more often in getCoordinates (3798)
- [ttLib] Ignore component bounds if empty (3799)
- [ttLib] Change the separator for duplicate glyph names from "" to "." (3809)
- [feaLib] Support subtable breaks in CursivePos, MarkBasePos, MarkToLigPos and
MarkToMarkPos lookups (3800, 3807)
- [feaLib] If the same lookup has single substitutions and ligature
substitutions, upgrade single substitutions to ligature substitutions with
one input glyph (3805)
- [feaLib] Correctly handle <NULL> in single pos lookups (3803)
- [feaLib] Remove duplicates from class pair pos classes instead of raising an
error (3804)
- [feaLib] Support creating extension lookups using useExtenion lookup flag
instead of silently ignoring it (3811)
- [STAT] Add typing for the simpler STAT arguments (3812)
- [otlLib.builder] Add future import for annotations (3814)
- [cffLib] Fix reading supplement encoding (3813)
- [voltLib] Add some missing functionality and fixes to voltLib and VoltToFea,
making the conversion to feature files more robust. Add also `fonttools
voltLib` command line tool to compile VOLT sources directly (doing an
intermediate fea conversion internally) (3818)
- [pens] Add some PointPen annotations (3820)

4.57.0

----------------------------

- [ttLib.__main__] Add `--no-recalc-timestamp` flag (3771)
- [ttLib.__main__] Add `-b` (recalcBBoxes=False) flag (3772)
- [cmap] Speed up glyphOrder loading from cmap (3774)
- [ttLib.__main__] Improvements around the `-t` flag (3776)
- [Debg] Fix parsing from XML; add roundtrip tests (3781)
- [fealib] Support \*Base.MinMax tables (3783, 3786)
- [config] Add OPTIMIZE_FONT_SPEED (3784)
- [varLib.hvar] New module to add HVAR table to the font (3780)
- [otlLib.optimize] Fix crash when the provided TTF does not contain a `GPOS` (3794)

4.56.0

----------------------------

- [varStore] Sort the input todo list with the same sorting key used for the opimizer's output (3767).
- [otData] Fix DeviceTable's ``DeltaValue`` repeat value which caused a crash after importing from XML and then compiling a GPOS containing Device tables (3758).
- [feaLib] Make ``FeatureLibError`` pickleable, so client can e.g. use feaLib to can compile features in parallel with multiprocessing (3762).
- [varLib/gvar] Removed workaround for old, long-fixed macOS bug about composite glyphs with all zero deltas (1381, 1788).
- [Docs] Updated ttLib documentation, beefed up TTFont and TTGlyphSet explanations (3720).

4.55.8

----------------------------

- [MetaTools] Fixed bug in buildUCD.py script whereby the first non-header line of some UCD text file was being skipped. This affected in particular the U+00B7 (MIDDLE DOT) entry of ScriptExtensions.txt (3756).

4.55.7

----------------------------

- Shorten the changelog included in PyPI package description to accommodate maximum length limit imposed by Azure DevOps. No actual code changes since v4.55.6 (3754).

4.55.6

----------------------------

- [glyf] Fixed regression introduced in 4.55.5 when computing bounds of nested composite glyphs  with transformed components (3752).

4.55.5

----------------------------

- [glyf] Fixed recalcBounds of transformed components with unrounded coordinates (3750).
- [feaLib] Allow duplicate script/language statements (3749).

4.55.4

----------------------------

- [bezierTools] Fixed ``splitCubicAtT`` sometimes not returning identical start/end points as result of numerical precision (3742, 3743).
- [feaLib/ast] Fixed docstring of ``AlternateSubstStatement`` (3735).
- [transform] Typing fixes (3734).

4.55.3

----------------------------

- [Docs] fill out ttLib table section [3716]
- [feaLib] More efficient inline format 4 lookups [3726]

4.55.2

----------------------------

- [Docs] update Sphinx config (3712)
- [designspaceLib] Allow axisOrdering to be set to zero (3715)
- [feaLib] Don’t modify variable anchors in place (3717)

4.55.1

----------------------------

- [ttGlyphSet] Support VARC CFF2 fonts (3683)
- [DecomposedTransform] Document and implement always skewY == 0 (3697)
- [varLib] "Fix" cython iup issue? (3704)
- Cython minor refactor (3705)

4.55.0

----------------------------

- [cffLib.specializer] Adjust stack use calculation (3689)
- [varLib] Lets not add mac names if the rest of name doesn't have them (3688)
- [ttLib.reorderGlyphs] Update CFF table charstrings and charset (3682)
- [cffLib.specializer] Add cmdline to specialize a CFF2 font (3675, 3679)
- [CFF2] Lift uint16 VariationStore.length limitation (3674)
- [subset] consider variation selectors subsetting cmap14 (3672)
- [varLib.interpolatable] Support CFF2 fonts (3670)
- Set isfinal to true in XML parser for proper resource cleanup (3669)
- [removeOverlaps] Fix CFF CharString width (3659)
- [glyf] Add optimizeSize option (3657)
- Python 3.13 support (3656)
- [TupleVariation] Optimize for loading speed, not size (3650, 3653)

4.54.1

----------------------------

- [unicodedata] Update to Unicode 16
- [subset] Escape ``\\`` in doc string

4.54.0

----------------------------

- [Docs] Small docs cleanups by n8willis (3611)
- [Docs] cleanup code blocks by n8willis (3627)
- [Docs] fix Sphinx builds by n8willis (3625)
- [merge] Minor fixes to documentation for merge by drj11 (3588)
- [subset] Small tweaks to pyftsubset documentation by RoelN (3633)
- [Tests] Do not require fonttools command to be available by behdad (3612)
- [Tests] subset_test: add failing test to reproduce issue 3616 by anthrotype (3622)
- [ttLib] NameRecordVisitor: include whole sequence of character variants' UI labels, not just the first by anthrotype (3617)
- [varLib.avar] Reconstruct mappings from binary by behdad (3598)
- [varLib.instancer] Fix visual artefacts with partial L2 instancing by Hoolean (3635)
- [varLib.interpolatable] Support discrete axes in .designspace by behdad (3599)
- [varLib.models] By default, assume OpenType-like normalized space by behdad (3601)

4.53.1

----------------------------

- [feaLib] Improve the sharing of inline chained lookups (3559)
- [otlLib] Correct the calculation of OS/2.usMaxContext with reversed chaining contextual single substitutions (3569)
- [misc.visitor] Visitors search the inheritance chain of objects they are visiting (3581)

4.53.0

----------------------------

- [ttLib.removeOverlaps] Support CFF table to aid in downconverting CFF2 fonts (3528)
- [avar] Fix crash when accessing not-yet-existing attribute (3550)
- [docs] Add buildMathTable to otlLib.builder documentation (3540)
- [feaLib] Allow UTF-8 with BOM when reading features (3495)
- [SVGPathPen] Revert rounding coordinates to two decimal places by default (3543)
- [varLib.instancer] Refix output filename decision-making  (3545, 3544, 3548)

4.52.4

----------------------------

- [varLib.cff] Restore and deprecate convertCFFtoCFF2 that was removed in 4.52.0
release as it is used by downstream projects (3535).

4.52.3

----------------------------

- Fixed a small syntax error in the reStructuredText-formatted NEWS.rst file
which caused the upload to PyPI to fail for 4.52.2. No other code changes.

4.52.2

----------------------------

- [varLib.interpolatable] Ensure that scipy/numpy output is JSON-serializable
(3522, 3526).
- [housekeeping] Regenerate table lists, to fix pyinstaller packaging of the new
``VARC`` table (3531, 3529).
- [cffLib] Make CFFToCFF2 and CFF2ToCFF more robust (3521, 3525).

4.52.1

----------------------------

- Fixed a small syntax error in the reStructuredText-formatted NEWS.rst file
which caused the upload to PyPI to fail for 4.52.0. No other code changes.

4.52.0

----------------------------

- Added support for the new ``VARC`` (Variable Composite) table that is being
proposed to OpenType spec (3395). For more info:
https://github.com/harfbuzz/boring-expansion-spec/blob/main/VARC.md
- [ttLib.__main__] Fixed decompiling all tables (90fed08).
- [feaLib] Don't reference the same lookup index multiple times within the same
feature record, it is only applied once anyway (3520).
- [cffLib] Moved methods to desubroutinize, remove hints and unused subroutines
from subset module to cffLib (3517).
- [varLib.instancer] Added support for partial-instancing CFF2 tables! Also, added
method to down-convert from CFF2 to CFF 1.0, and CLI entry points to convert
CFF<->CFF2 (3506).
- [subset] Prune unused user name IDs even with --name-IDs='*' (3410).
- [ttx] use GNU-style getopt to intermix options and positional arguments (3509).
- [feaLib.variableScalar] Fixed ``value_at_location()`` method (3491)
- [psCharStrings] Shorten output of ``encodeFloat`` (3492).
- [bezierTools] Fix infinite-recursion in ``calcCubicArcLength`` (3502).
- [avar2] Implement ``avar2`` support in ``TTFont.getGlyphSet()`` (3473).

4.51.0

----------------------------

- [ttLib] Optimization on loading aux fields (3464).
- [ttFont] Add reorderGlyphs (3468).

4.50.0

----------------------------

- [pens] Added decomposing filter pens that draw components as regular contours (3460).
- [instancer] Drop explicit no-op axes from TupleVariations (3457).
- [cu2qu/ufo] Return set of modified glyph names from fonts_to_quadratic (3456).

4.49.0

----------------------------

- [otlLib] Add API for building ``MATH`` table (3446)

4.48.1

----------------------------

- Fixed uploading wheels to PyPI, no code changes since v4.48.0.

4.48.0

----------------------------

- [varLib] Do not log when there are no OTL tables to be merged.
- [setup.py] Do not restrict lxml<5 any more, tests pass just fine with lxml>=5.
- [feaLib] Remove glyph and class names length restrictions in FEA (3424).
- [roundingPens] Added ``transformRoundFunc`` parameter to the rounding pens to allow
for custom rounding of the components' transforms (3426).
- [feaLib] Keep declaration order of ligature components within a ligature set, instead
of sorting by glyph name (3429).
- [feaLib] Fixed ordering of alternates in ``aalt`` lookups, following the declaration
order of feature references within the ``aalt`` feature block (3430).
- [varLib.instancer] Fixed a bug in the instancer's IUP optimization (3432).
- [sbix] Support sbix glyphs with new graphicType "flip" (3433).
- [svgPathPen] Added ``--glyphs`` option to dump the SVG paths for the named glyphs
in the font (0572f78).
- [designspaceLib] Added "description" attribute to ``<mappings>`` and ``<mapping>``
elements, and allow multiple ``<mappings>`` elements to group ``<mapping>`` elements
that are logically related (3435, 3437).
- [otlLib] Correctly choose the most compact GSUB contextual lookup format (3439).

4.47.2

----------------------------

Minor release to fix uploading wheels to PyPI.

4.47.1

----------------------------

- [merge] Improve help message and add standard command line options (3408)
- [otlLib] Pass ``ttFont`` to ``name.addName`` in ``buildStatTable`` (3406)
- [featureVars] Re-use ``FeatureVariationRecord``'s when possible (3413)

4.47.0

----------------------------

- [varLib.models] New API for VariationModel: ``getMasterScalars`` and
``interpolateFromValuesAndScalars``.
- [varLib.interpolatable] Various bugfixes and rendering improvements. In particular,
add a Summary page in the front, and an Index and Table-of-Contents in the back.
Change the page size to Letter.
- [Docs/designspaceLib] Defined a new ``public.fontInfo`` lib key, not used anywhere yet (3358).

4.46.0

----------------------------

- [featureVars] Allow to register the same set of substitution rules to multiple features.
The ``addFeatureVariations`` function can now take a list of featureTags; similarly, the
lib key 'com.github.fonttools.varLib.featureVarsFeatureTag' can now take a
comma-separateed string of feature tags (e.g. "salt,ss01") instead of a single tag (3360).
- [featureVars] Don't overwrite GSUB FeatureVariations, but append new records to it
for features which are not already there. But raise ``VarLibError`` if the feature tag
already has feature variations associated with it (3363).
- [varLib] Added ``addGSUBFeatureVariations`` function to add GSUB Feature Variations
to an existing variable font from rules defined in a DesignSpace document (3362).
- [varLib.interpolatable] Various bugfixes and rendering improvements. In particular,
a new test for "underweight" glyphs. The new test reports quite a few false-positives
though. Please send feedback.

4.45.1

----------------------------

- [varLib.interpolatable] Various bugfixes and improvements, better reporting, reduced
false positives.
- [ttGlyphSet] Added option to not recalculate glyf bounds (3348).

4.45.0

----------------------------

- [varLib.interpolatable] Vastly improved algorithms. Also available now is ``--pdf``
and ``--html`` options to generate a PDF or HTML report of the interpolation issues.
The PDF/HTML report showcases the problematic masters, the interpolated broken
glyph, as well as the proposed fixed version.

4.44.3

----------------------------

- [subset] Only prune codepage ranges for OS/2.version >= 1, ignore otherwise (3334).
- [instancer] Ensure hhea vertical metrics stay in sync with OS/2 ones after instancing
MVAR table containing 'hasc', 'hdsc' or 'hlgp' tags (3297).

4.44.2

----------------------------

- [glyf] Have ``Glyph.recalcBounds`` skip empty components (base glyph with no contours)
when computing the bounding box of composite glyphs. This simply restores the existing
behavior before some changes were introduced in fonttools 4.44.0 (3333).

4.44.1

----------------------------

- [feaLib] Ensure variable mark anchors are deep-copied while building since they
get modified in-place and later reused (3330).
- [OS/2|subset] Added method to ``recalcCodePageRanges`` to OS/2 table class; added
``--prune-codepage-ranges`` to `fonttools subset` command (3328, 2607).

4.44.0

----------------------------

- [instancer] Recalc OS/2 AvgCharWidth after instancing if default changes (3317).
- [otlLib] Make ClassDefB

[pyup-bot]

Closing this in favor of #1017