Skip to content

Bump the dependabot group with 2 updates#490

Merged
kralka merged 1 commit intomainfrom
dependabot/pip/dependabot-f5dc15829c
Mar 16, 2026
Merged

Bump the dependabot group with 2 updates#490
kralka merged 1 commit intomainfrom
dependabot/pip/dependabot-f5dc15829c

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026

Bumps the dependabot group with 2 updates: fonttools and kiwisolver.

Updates fonttools from 4.61.0 to 4.62.1

Release notes

Sourced from fonttools's releases.

4.62.1

  • [feaLib] Extend contextual rule merging to all rule types: single subst, GSUB/GPOS named lookups, ignore rules, and chained alternate subst (#4061).

4.62.0

  • [diff] Add new fonttools diff command for comparing font files, imported from the fdiff project and heavily reworked (#1190, #4007, #4009, #4011, #4013, #4019).
  • [feaLib] Fix VariableScalar interpolation bug with non-linear avar mappings. Also decouple VariableScalar from compiled fonts, allowing it to work with designspace data before compilation (#3938, #4054).
  • [feaLib] Fix VariableScalar axis ordering and iterative delta rounding to match fontc behavior (#4053).
  • [feaLib] Merge chained multi subst rules with same context into a single subtable instead of emitting one subtable per glyph (#4016, #4058).
  • [feaLib] Pass location to ConditionsetStatementfontra/fontra-glyphs#130#4057).
  • [feaLib] Write 0xFFFF instead of 0 for missing nameIDs in cv feature params (#4010, #4012).
  • [cmap] Fix CmapSubtable.__lt__() TypeError on Python 3 when subtables share the same encoding record, and add compile-time validation for unique encoding records (#4035, #4055).
  • [svgLib] Skip non-element XML nodes (comments, processing instructions) when drawing SVG paths (#4042, #4043).
  • [glifLib] Fix regression reading glyph outlines when glyphObject=None (#4030, #4031).
  • [pointPen] Fix SegmentToPointPen edge case: only remove a duplicate final point on closePath() if it is an on-curve point (#4014, #4015).
  • [cffLib] SECURITY Replace eval() with safeEval() in parseBlendList() to prevent arbitrary code execution from crafted TTX files (#4039, #4040).
  • [ttLib] Remove defunct Adobe SING Glyphlet tables (META, SING, GMAP, GPKG) (#4044).
  • [varLib.interpolatable] Various bugfixes: fix swapped nodeTypes assignment, duplicate kink-detector condition, typos, CFF2 vsindex parsing, glyph existence check, and plot helpers (#4046).
  • [varLib.models] Fix getSubModel not forwarding extrapolate/axisRanges; check location uniqueness after stripping zeros (#4047).
  • [varLib] Fix --variable-fonts filter in build_many; remove dead code and fix comments (#4048).
  • [avar] Preserve existing name table in build; keep unbuild return types consistent; validate map CLI coordinates (#4051).
  • [cu2qu/qu2cu] Add input validation: reject non-positive tolerances, validate curve inputs and list lengths (#4052).
  • [colorLib] Raise a clear ColorLibError when base glyphs are missing from glyphMap, instead of a confusing KeyError (#4041).
  • [glyf] Remove unnecessary fvar table dependency (#4017).
  • [fvar/trak] Remove unnecessary name table dependency (#4018).
  • [ufoLib] Relax guideline validation to follow the updated spec (#3537, #3553).
  • [ttFont] Fix saveXML regression with empty table lists, clarify docstring (#4025, #4026, #4056).
  • [setup.py] Link libm for Cython extensions using math functions (#4028, #4029).
  • Add typing annotations for DSIG, DefaultTable, ttProgram (#4033).

4.61.1

  • [otlLib] buildCoverage: return empty Coverage instead of None (#4003, #4004).
  • [instancer] bug fix in avar2 full instancing (#4002).
  • [designspaceLib] Preserve empty conditionsets when serializing to XML (#4001).
  • [fontBu ilder] Fix FontBuilder setupOS2() default params globally polluted (#3996, #3997).
  • [ttFont] Add more typing annotations to ttFont, xmlWriter, sfnt, varLib.models and others (#3952, #3826).
  • Explicitly test and declare support for Python 3.14, even though we were already shipping pre-built wheels for it (#3990).
Changelog

Sourced from fonttools's changelog.

4.62.1 (released 2026-03-13)

  • [feaLib] Extend contextual rule merging to all rule types: single subst, GSUB/GPOS named lookups, ignore rules, and chained alternate subst (#4061).

4.62.0 (released 2026-03-09)

  • [diff] Add new fonttools diff command for comparing font files, imported from the fdiff project and heavily reworked (#1190, #4007, #4009, #4011, #4013, #4019).
  • [feaLib] Fix VariableScalar interpolation bug with non-linear avar mappings. Also decouple VariableScalar from compiled fonts, allowing it to work with designspace data before compilation (#3938, #4054).
  • [feaLib] Fix VariableScalar axis ordering and iterative delta rounding to match fontc behavior (#4053).
  • [feaLib] Merge chained multi subst rules with same context into a single subtable instead of emitting one subtable per glyph (#4016, #4058).
  • [feaLib] Pass location to ConditionsetStatement to fix glyphsLib round-tripping fontra/fontra-glyphs#130#4057).
  • [feaLib] Write 0xFFFF instead of 0 for missing nameIDs in cv feature params (#4010, #4012).
  • [cmap] Fix CmapSubtable.__lt__() TypeError on Python 3 when subtables share the same encoding record, and add compile-time validation for unique encoding records (#4035, #4055).
  • [svgLib] Skip non-element XML nodes (comments, processing instructions) when drawing SVG paths (#4042, #4043).
  • [glifLib] Fix regression reading glyph outlines when glyphObject=None (#4030, #4031).
  • [pointPen] Fix SegmentToPointPen edge case: only remove a duplicate final point on closePath() if it is an on-curve point (#4014, #4015).
  • [cffLib] SECURITY Replace eval() with safeEval() in parseBlendList() to prevent arbitrary code execution from crafted TTX files (#4039, #4040).
  • [ttLib] Remove defunct Adobe SING Glyphlet tables (META, SING, GMAP, GPKG) (#4044).
  • [varLib.interpolatable] Various bugfixes: fix swapped nodeTypes assignment, duplicate kink-detector condition, typos, CFF2 vsindex parsing, glyph existence check, and plot helpers (#4046).
  • [varLib.models] Fix getSubModel not forwarding extrapolate/axisRanges; check location uniqueness after stripping zeros (#4047).
  • [varLib] Fix --variable-fonts filter in build_many; remove dead code and fix comments (#4048).
  • [avar] Preserve existing name table in build; keep unbuild return types consistent; validate map CLI coordinates (#4051).
  • [cu2qu/qu2cu] Add input validation: reject non-positive tolerances, validate curve inputs and list lengths (#4052).
  • [colorLib] Raise a clear ColorLibError when base glyphs are missing from glyphMap, instead of a confusing KeyError (#4041).
  • [glyf] Remove unnecessary fvar table dependency (#4017).
  • [fvar/trak] Remove unnecessary name table dependency (#4018).
  • [ufoLib] Relax guideline validation to follow the updated spec (#3537, #3553).

... (truncated)

Commits
  • da54a29 Release 4.62.1
  • ad47e60 Merge pull request #4061 from fonttools/merge-chained-rules
  • 8060f6a Rename _merge_contextual_rule to _add_contextual_rule
  • 0903764 Reuse and merge chained alternate subst lookups
  • bbdcfc2 Add tests for contextual rule merge optimization
  • 2a6072f Merge consecutive contextual rules with same context
  • 11e9bfa Fix typo in cu2qu help message
  • 211171b Bump version: 4.62.0 → 4.62.1.dev0
  • 0aee8a7 Merge pull request #4060 from fonttools/remove-py23-pipe-test
  • ee39ede [tests] Remove obsolete py23 OpenFuncWrapperTest
  • Additional commits viewable in compare view

Updates kiwisolver from 1.4.9 to 1.5.0

Release notes

Sourced from kiwisolver's releases.

1.5.0

What's Changed

New Contributors

Full Changelog: nucleic/kiwi@1.4.9...1.5.0

Changelog

Sourced from kiwisolver's changelog.

Wrappers 1.5.0 | Solver 1.5.0 | 09/03/2026

  • add support for CMakeLists PR #206
  • implement more move constructor in the C++ code PR #207
  • add C++ tests PR #207
  • add support for GraalPy PR #204
  • add RiscV support PR #208
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependabot group with 2 updates
2a3a169 
Bumps the dependabot group with 2 updates: [fonttools](https://github.com/fonttools/fonttools) and [kiwisolver](https://github.com/nucleic/kiwi).


Updates `fonttools` from 4.61.0 to 4.62.1
- [Release notes](https://github.com/fonttools/fonttools/releases)
- [Changelog](https://github.com/fonttools/fonttools/blob/main/NEWS.rst)
- [Commits](fonttools/fonttools@4.61.0...4.62.1)

Updates `kiwisolver` from 1.4.9 to 1.5.0
- [Release notes](https://github.com/nucleic/kiwi/releases)
- [Changelog](https://github.com/nucleic/kiwi/blob/main/releasenotes.rst)
- [Commits](nucleic/kiwi@1.4.9...1.5.0)

---
updated-dependencies:
- dependency-name: fonttools
  dependency-version: 4.62.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependabot
- dependency-name: kiwisolver
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependabot
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python labels Mar 16, 2026
@coveralls
Copy link

coveralls commented Mar 16, 2026

Pull Request Test Coverage Report for Build 23133445987

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 86.632%
Totals Coverage Status
Change from base Build 23129609781: 0.0%
Covered Lines: 3156
Relevant Lines: 3643
💛 - Coveralls

@kralka kralka added this pull request to the merge queue Mar 16, 2026
Merged via the queue into main with commit c2439e4 Mar 16, 2026
19 checks passed
@dependabot dependabot bot deleted the dependabot/pip/dependabot-f5dc15829c branch March 16, 2026 09:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kralka kralka kralka approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@coveralls @kralka