Fonttools

----------------------------

- [subset] Only prune codepage ranges for OS/2.version >= 1, ignore otherwise (3334).
- [instancer] Ensure hhea vertical metrics stay in sync with OS/2 ones after instancing
MVAR table containing 'hasc', 'hdsc' or 'hlgp' tags (3297).

----------------------------

- [glyf] Have ``Glyph.recalcBounds`` skip empty components (base glyph with no contours)
when computing the bounding box of composite glyphs. This simply restores the existing
behavior before some changes were introduced in fonttools 4.44.0 (3333).

----------------------------

- [feaLib] Ensure variable mark anchors are deep-copied while building since they
get modified in-place and later reused (3330).
- [OS/2|subset] Added method to ``recalcCodePageRanges`` to OS/2 table class; added
``--prune-codepage-ranges`` to `fonttools subset` command (3328, 2607).

----------------------------

- [instancer] Recalc OS/2 AvgCharWidth after instancing if default changes (3317).
- [otlLib] Make ClassDefBuilder class order match varLib.merger's, i.e. large
classes first, then glyph lexicographic order (3321, 3324).
- [instancer] Allow not specifying any of min:default:max values and let be filled
up with fvar's values (3322, 3323).
- [instancer] When running --update-name-table ignore axes that have no STAT axis
values (3318, 3319).
- [Debg] When dumping to ttx, write the embedded JSON as multi-line string with
indentation (92cbfee0d).
- [varStore] Handle > 65535 items per encoding by splitting VarData subtable (3310).
- [subset] Handle null-offsets in MarkLigPos subtables.
- [subset] Keep East Asian spacing fatures vhal, halt, chws, vchw by default (3305).
- [instancer.solver] Fixed case where axisDef < lower and upper < axisMax (3304).
- [glyf] Speed up compilation, mostly around ``recalcBounds`` (3301).
- [varLib.interpolatable] Speed it up when working on variable fonts, plus various
micro-optimizations (3300).
- Require unicodedata2 >= 15.1.0 when installed with 'unicode' extra, contains UCD 15.1.

----------------------------

- [EBDT] Fixed TypeError exception in `_reverseBytes` method triggered when dumping
some bitmap fonts with `ttx -z bitwise` option (3162).
- [v/hhea] Fixed UnboundLocalError exception in ``recalc`` method when no vmtx or hmtx
tables are present (3290).
- [bezierTools] Fixed incorrectly typed cython local variable leading to TypeError when
calling ``calcQuadraticArcLength`` (3288).
- [feaLib/otlLib] Better error message when building Coverage table with missing glyph (3286).

----------------------------

- [subset] Set up lxml ``XMLParser(resolve_entities=False)`` when parsing OT-SVG documents
to prevent XML External Entity (XXE) attacks (9f61271dc):
https://codeql.github.com/codeql-query-help/python/py-xxe/
- [varLib.iup] Added workaround for a Cython bug in ``iup_delta_optimize`` that was
leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas
(60126435d, cython/cython5732).
- [varLib] Added new command-line entry point ``fonttools varLib.avar`` to add an
``avar`` table to an existing VF from axes mappings in a .designspace file (0a3360e52).
- [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned
after VarData optimization (3268).
- Added support for Python 3.12 (3283).