Fonttools

Latest version: v4.55.3

Safety actively analyzes 688896 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 7 of 37

4.39.3

Not secure
----------------------------

- [sbix] Fixed TypeError when compiling empty glyphs whose imageData is None, regression
was introduced in v4.39 (3059).
- [ttFont] Fixed AttributeError on python <= 3.10 when opening a TTFont from a tempfile
SpooledTemporaryFile, seekable method only added on python 3.11 (3052).

4.39.2

Not secure
----------------------------

- [varLib] Fixed regression introduced in 4.39.1 whereby an incomplete 'STAT' table
would be built even though a DesignSpace v5 did contain 'STAT' definitions (3045, 3046).

4.39.1

Not secure
----------------------------

- [avar2] Added experimental support for reading/writing avar version 2 as specified in
this draft proposal: https://github.com/harfbuzz/boring-expansion-spec/blob/main/avar2.md
- [glifLib] Wrap underlying XML library exceptions with GlifLibError when parsing GLIFs,
and also print the name and path of the glyph that fails to be parsed (3042).
- [feaLib] Consult avar for normalizing user-space values in ConditionSets and in
VariableScalars (3042, 3043).
- [ttProgram] Handle string input to Program.fromAssembly() (3038).
- [otlLib] Added a config option to emit GPOS 7 lookups, currently disabled by default
because of a macOS bug (3034).
- [COLRv1] Added method to automatically compute ClipBoxes (3027).
- [ttFont] Fixed getGlyphID to raise KeyError on missing glyphs instead of returning
None. The regression was introduced in v4.27.0 (3032).
- [sbix] Fixed UnboundLocalError: cannot access local variable 'rawdata' (3031).
- [varLib] When building VF, do not overwrite a pre-existing ``STAT`` table that was built
with feaLib from FEA feature file. Also, added support for building multiple VFs
defined in Designspace v5 from ``fonttools varLib`` script (3024).
- [mtiLib] Only add ``Debg`` table with lookup names when ``FONTTOOLS_LOOKUP_DEBUGGING``
env variable is set (3023).

4.39.0

Not secure
----------------------------

- [mtiLib] Optionally add `Debg` debug info for MTI feature builds (3018).
- [ttx] Support reading input file from standard input using special `-` character,
similar to existing `-o -` option to write output to standard output (3020).
- [cython] Prevent ``cython.compiled`` raise AttributeError if cython not installed
properly (3017).
- [OS/2] Guard against ZeroDivisionError when calculating xAvgCharWidth in the unlikely
scenario no glyph has non-zero advance (3015).
- [subset] Recompute xAvgCharWidth independently of --no-prune-unicode-ranges,
previously the two options were involuntarily bundled together (3012).
- [fontBuilder] Add ``debug`` parameter to addOpenTypeFeatures method to add source
debugging information to the font in the ``Debg`` private table (3008).
- [name] Make NameRecord `__lt__` comparison not fail on Unicode encoding errors (3006).
- [featureVars] Fixed bug in ``overlayBox`` (3003, 3005).
- [glyf] Added experimental support for cubic bezier curves in TrueType glyf table, as
outlined in glyf v1 proposal (2988):
https://github.com/harfbuzz/boring-expansion-spec/blob/main/glyf1-cubicOutlines.md
- Added new qu2cu module and related qu2cuPen, the reverse of cu2qu for converting
TrueType quadratic splines to cubic bezier curves (2993).
- [glyf] Added experimental support for reading and writing Variable Composites/Components
as defined in glyf v1 spec proposal (2958):
https://github.com/harfbuzz/boring-expansion-spec/blob/main/glyf1-varComposites.md.
- [pens]: Added `addVarComponent` method to pen protocols' base classes, which pens can implement
to handle varcomponents (by default they get decomposed) (2958).
- [misc.transform] Added DecomposedTransform class which implements an affine transformation
with separate translate, rotation, scale, skew, and transformation-center components (2598)
- [sbix] Ensure Glyph.referenceGlyphName is set; fixes error after dumping and
re-compiling sbix table with 'dupe' glyphs (2984).
- [feaLib] Be cleverer when merging chained single substitutions into same lookup
when they are specified using the inline notation (2150, 2974).
- [instancer] Clamp user-inputted axis ranges to those of fvar (2959).
- [otBase/subset] Define ``__getstate__`` for BaseTable so that a copied/pickled 'lazy'
object gets its own OTTableReader to read from; incidentally fixes a bug while
subsetting COLRv1 table containing ClipBoxes on python 3.11 (2965, 2968).
- [sbix] Handle glyphs with "dupe" graphic type on compile correctly (2963).
- [glyf] ``endPointsOfContours`` field should be unsigned! Kudos to behdad for
spotting one of the oldest bugs in FT. Probably nobody has ever dared to make
glyphs with more than 32767 points... (2957).
- [feaLib] Fixed handling of ``ignore`` statements with unmarked glyphs to match
makeotf behavior, which assumes the first glyph is marked (2950).
- Reformatted code with ``black`` and enforce new code style via CI check (2925).
- [feaLib] Sort name table entries following OT spec prescribed order in the builder (2927).
- [cu2quPen] Add Cu2QuMultiPen that converts multiple outlines at a time in
interpolation compatible way; its methods take a list of tuples arguments
that would normally be passed to individual segment pens, and at the end it
dispatches the converted outlines to each pen (2912).
- [reverseContourPen/ttGlyphPen] Add outputImpliedClosingLine option (2913, 2914,
2921, 2922, 2995).
- [gvar] Avoid expanding all glyphs unnecessarily upon compile (2918).
- [scaleUpem] Fixed bug whereby CFF2 vsindex was scaled; it should not (2893, 2894).
- [designspaceLib] Add DS.getAxisByTag and refactor getAxis (2891).
- [unicodedata] map Zmth<->math in ot_tag_{to,from}_script (1737, 2889).
- [woff2] Support encoding/decoding OVERLAP_SIMPLE glyf flags (2576, 2884).
- [instancer] Update OS/2 class and post.italicAngle when default moved (L4)
- Dropped support for Python 3.7 which reached EOL, fontTools requires 3.8+.
- [instancer] Fixed instantiateFeatureVariations logic when a rule range becomes
default-applicable (2737, 2880).
- [ttLib] Add main to ttFont and ttCollection that just decompile and re-compile the
input font (2869).
- [featureVars] Insert 'rvrn' lookup at the beginning of LookupList, to work around bug
in Apple implementation of 'rvrn' feature which the spec says it should be processed
early whereas on macOS 10.15 it follows lookup order (2140, 2867).
- [instancer/mutator] Remove 'DSIG' table if present.
- [svgPathPen] Don't close path in endPath(), assume open unless closePath() (2089, 2865).

4.38.0

Not secure
----------------------------

- [varLib.instancer] Added support for L4 instancing, i.e. moving the default value of
an axis while keeping it variable. Thanks Behdad! (2728, 2861).
It's now also possible to restrict an axis min/max values beyond the current default
value, e.g. a font wght has min=100, def=400, max=900 and you want a partial VF that
only varies between 500 and 700, you can now do that.
You can either specify two min/max values (wght=500:700), and the new default will be
set to either the minimum or maximum, depending on which one is closer to the current
default (e.g. 500 in this case). Or you can specify three values (e.g. wght=500:600:700)
to specify the new default value explicitly.
- [otlLib/featureVars] Set a few Count values so one doesn't need to compile the font
to update them (2860).
- [varLib.models] Make extrapolation work for 2-master models as well where one master
is at the default location (2843, 2846).
Add optional extrapolate=False to normalizeLocation() (2847, 2849).
- [varLib.cff] Fixed sub-optimal packing of CFF2 deltas by no longer rounding them to
integer (2838).
- [scaleUpem] Calculate numShorts in VarData after scale; handle CFF hintmasks (2840).

4.37.4

Not secure
----------------------------

- [subset] Keep nameIDs used by CPAL palette entry labels (2837).
- [varLib] Avoid negative hmtx values when creating font from variable CFF2 font (2827).
- [instancer] Don't prune stat.ElidedFallbackNameID (2828).
- [unicodedata] Update Scripts/Blocks to Unicode 15.0 (2833).

Page 7 of 37

Links

Releases

Has known vulnerabilities

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.