security check: fontTools 4.54.1->4.60.2 #35219
Conversation
Pull request overview
Updates the pinned fonttools dependency to address security scanning findings, and refreshes the Python lockfile used under test/ accordingly.
Changes:
- Bump fonttools in tools/tdgpt/requirements.txt from 4.54.1 to 4.60.2.
- Update test/uv.lock to newer fonttools resolutions (now including marker-specific versions).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| tools/tdgpt/requirements.txt | Updates the pinned fonttools version for the tdgpt tool environment. |
| test/uv.lock | Refreshes resolved fonttools versions and dependency metadata in the test lockfile. |
Code Review
This pull request updates the fonttools dependency across the project. In test/uv.lock, the package is updated to version 4.60.2 for Python environments older than 3.10 and version 4.62.1 for Python 3.10 and above. A version inconsistency was identified in tools/tdgpt/requirements.txt, where fonttools was updated to 4.60.2; it is recommended to update this to 4.62.1 to maintain consistency with the lockfile's resolution for modern Python environments.