Bump fonttools from 4.59.1 to 4.60.1

[dependabot]

Bumps fonttools from 4.59.1 to 4.60.1.

Release notes

Sourced from fonttools's releases.

4.60.1

• [ufoLib] Reverted accidental method name change in UFOReader.getKerningGroupConversionRenameMaps that broke compatibility with downstream projects like defcon (#3948, #3947, robotools/defcon#478).
• [ufoLib] Added test coverage for getKerningGroupConversionRenameMaps method (#3950).
• [subset] Don't try to subset BASE table; pass it through by default instead (#3949).
• [subset] Remove empty BaseRecord entries in MarkBasePos lookups (#3897, #3892).
• [subset] Add pruning for MarkLigPos and MarkMarkPos lookups (#3946).
• [subset] Remove duplicate features when subsetting (#3945).
• [Docs] Added documentation for the visitor module (#3944).

4.60.0

• [pointPen] Allow reverseFlipped parameter of DecomposingPointPen to take a ReverseFlipped enum value to control whether/how to reverse contour direction of flipped components, in addition to the existing True/False. This allows to set ReverseFlipped.ON_CURVE_FIRST to ensure that the decomposed outline starts with an on-curve point before being reversed, for better consistency with other segment-oriented contour transformations. The change is backward compatible, and the default behavior hasn't changed (#3934).

• [filterPen] Added ContourFilterPointPen, base pen for buffered contour operations, and OnCurveStartPointPen filter to ensure contours start with an on-curve point (#3934).

• [cu2qu] Fixed difference in cython vs pure-python complex division by real number (#3930).

• [varLib.avar] Refactored and added some new sub-modules and scripts (#3926).

  • varLib.avar.build module to build avar (and a missing fvar) binaries into a possibly empty TTFont,
  • varLib.avar.unbuild module to print a .designspace snippet that would generate the same avar binary,
  • varLib.avar.map module to take TTFont and do the mapping, in user/normalized space,
  • varLib.avar.plan module moved from varLib.avarPlanner.

  The bare fonttools varLib.avar script is deprecated, in favour of fonttools varLib.avar.build (or unbuild).

• [interpolatable] Clarify linear_sum_assignment backend options and minimal dependency usage (#3927).

• [post] Speed up build_psNameMapping (#3923).

• [ufoLib] Added typing annotations to fontTools.ufoLib (#3875).

4.59.2

• [varLib] Clear USE_MY_METRICS component flags when inconsistent across masters (#3912).
• [varLib.instancer] Avoid negative advance width/height values when instatiating HVAR/VVAR, (unlikely in well-behaved fonts) (#3918).
• [subset] Fix shaping behaviour when pruning empty mark sets (#3915, harfbuzz/harfbuzz#5499).
• [cu2qu] Fixed dot() product of perpendicular vectors not always returning exactly 0.0 in all Python implementations (#3911)
• [varLib.instancer] Implemented fully-instantiating avar2 fonts (#3909).
• [feaLib] Allow float values in VariableScalar's axis locations (#3906, #3907).
• [cu2qu] Handle special case in calc_intersect for degenerate cubic curves where 3 to 4 control points are equal (#3904).

Changelog

Sourced from fonttools's changelog.

4.60.1 (released 2025-09-29)

• [ufoLib] Reverted accidental method name change in UFOReader.getKerningGroupConversionRenameMaps that broke compatibility with downstream projects like defcon (#3948, #3947, robotools/defcon#478).
• [ufoLib] Added test coverage for getKerningGroupConversionRenameMaps method (#3950).
• [subset] Don't try to subset BASE table; pass it through by default instead (#3949).
• [subset] Remove empty BaseRecord entries in MarkBasePos lookups (#3897, #3892).
• [subset] Add pruning for MarkLigPos and MarkMarkPos lookups (#3946).
• [subset] Remove duplicate features when subsetting (#3945).
• [Docs] Added documentation for the visitor module (#3944).

4.60.0 (released 2025-09-17)

• [pointPen] Allow reverseFlipped parameter of DecomposingPointPen to take a ReverseFlipped enum value to control whether/how to reverse contour direction of flipped components, in addition to the existing True/False. This allows to set ReverseFlipped.ON_CURVE_FIRST to ensure that the decomposed outline starts with an on-curve point before being reversed, for better consistency with other segment-oriented contour transformations. The change is backward compatible, and the default behavior hasn't changed (#3934).
• [filterPen] Added ContourFilterPointPen, base pen for buffered contour operations, and OnCurveStartPointPen filter to ensure contours start with an on-curve point (#3934).
• [cu2qu] Fixed difference in cython vs pure-python complex division by real number (#3930).
• [varLib.avar] Refactored and added some new sub-modules and scripts (#3926).
  • varLib.avar.build module to build avar (and a missing fvar) binaries into a possibly empty TTFont,
  • varLib.avar.unbuild module to print a .designspace snippet that would generate the same avar binary,
  • varLib.avar.map module to take TTFont and do the mapping, in user/normalized space,
  • varLib.avar.plan module moved from varLib.avarPlanner. The bare fonttools varLib.avar script is deprecated, in favour of fonttools varLib.avar.build (or unbuild).
• [interpolatable] Clarify linear_sum_assignment backend options and minimal dependency usage (#3927).
• [post] Speed up build_psNameMapping (#3923).
• [ufoLib] Added typing annotations to fontTools.ufoLib (#3875).

4.59.2 (released 2025-08-27)

• [varLib] Clear USE_MY_METRICS component flags when inconsistent across masters (#3912).
• [varLib.instancer] Avoid negative advance width/height values when instatiating HVAR/VVAR, (unlikely in well-behaved fonts) (#3918).
• [subset] Fix shaping behaviour when pruning empty mark sets (#3915, harfbuzz/harfbuzz#5499).
• [cu2qu] Fixed dot() product of perpendicular vectors not always returning exactly 0.0 in all Python implementations (#3911)
• [varLib.instancer] Implemented fully-instantiating avar2 fonts (#3909).
• [feaLib] Allow float values in VariableScalar's axis locations (#3906, #3907).
• [cu2qu] Handle special case in calc_intersect for degenerate cubic curves where 3 to 4 control points are equal (#3904).

Commits

• af032c1 Release 4.60.1
• d47d261 Update NEWS.rst
• c734ff2 Merge pull request #3950 from fonttools/test-ufolib-get-kerning-group-convers...
• 45f4fd5 UFOConversion_test: add test for getKerningGroupConversionRenameMaps
• 66dcf09 Merge pull request #3949 from daltonmaag/subsetbase
• ae725ad Don't try and subset BASE either
• 14d9316 Fix test
• 0bb7ee7 Fix formatting
• fab3086 Pass BASE table through subsetter by default
• 5577c9b Merge pull request #3948 from fonttools/ufolib-revert-method-name-change
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🦙 MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	5		0	0	0.11s
✅ COPYPASTE	jscpd	yes		no	no	3.88s
✅ JSON	prettier	2	0	0	0	0.5s
✅ JSON	v8r	2		0	0	2.92s
✅ MARKDOWN	markdownlint	1	0	0	0	0.66s
✅ MARKDOWN	markdown-link-check	1		0	0	1.74s
✅ MARKDOWN	markdown-table-formatter	1	0	0	0	0.24s
✅ PYTHON	bandit	244		0	0	2.96s
✅ PYTHON	black	244	0	0	0	3.43s
✅ PYTHON	flake8	244		0	0	1.49s
✅ PYTHON	isort	244	0	0	0	0.49s
✅ PYTHON	mypy	244		0	0	4.54s
✅ PYTHON	pylint	244		0	0	65.96s
✅ PYTHON	ruff	244	0	0	0	0.03s
✅ REPOSITORY	checkov	yes		no	no	12.8s
✅ REPOSITORY	gitleaks	yes		no	no	1.88s
✅ REPOSITORY	git_diff	yes		no	no	0.0s
❌ REPOSITORY	grype	yes		1	no	25.83s
✅ REPOSITORY	secretlint	yes		no	no	3.27s
✅ REPOSITORY	syft	yes		no	no	1.25s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.13s
✅ REPOSITORY	trufflehog	yes		no	no	15.31s
✅ YAML	prettier	9	0	0	0	0.67s
✅ YAML	v8r	9		0	0	4.86s
✅ YAML	yamllint	9		0	0	0.47s

See detailed report in MegaLinter reports

[github-actions]

Test Results

    3 files  ±0      3 suites  ±0   57m 0s ⏱️ -25s
  449 tests ±0    449 ✅ ±0    0 💤 ±0  0 ❌ ±0 
1 347 runs  ±0  1 121 ✅ ±0  226 💤 ±0  0 ❌ ±0 

Results for commit 3883a00. ± Comparison against base commit ec67f44.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.