Deps: Bump the python-packages group with 17 updates

[dependabot]

Bumps the python-packages group with 17 updates:

Package	From	To
django	2.2.28	4.2.6
djangorestframework	3.11.2	3.14.0
weasyprint	59.0	60.1
rope	1.9.0	1.10.0
sentry-sdk	1.31.0	1.32.0
pylint	2.17.5	2.17.7
pylint-django	2.5.3	2.5.4
black	23.9.1	23.10.0
cffi	1.15.1	1.16.0
charset-normalizer	3.2.0	3.3.1
coverage	7.3.1	7.3.2
fonttools	4.42.1	4.43.1
packaging	23.1	23.2
pillow	10.0.1	10.1.0
platformdirs	3.10.0	3.11.0
pytoolconfig	1.2.5	1.2.6
rich	13.5.3	13.6.0

Updates django from 2.2.28 to 4.2.6

Commits

• c22017b [4.2.x] Bumped version for 4.2.6 release.
• be9c27c [4.2.x] Fixed CVE-2023-43665 -- Mitigated potential DoS in django.utils.text....
• 39fc3f4 [4.2.x] Added stub release notes and release date for 4.2.6, 4.1.12, and 3.2.22.
• dd0bf63 [4.2.x] Added warning about flatpages and untrusted users.
• fec4ed0 [4.2.x] Refs #34320 -- Skipped SchemaTests.test_rename_field_with_check_to_tr...
• a148461 [4.2.x] Fixed #34840 -- Avoided casting string base fields on PostgreSQL.
• b08f53f [4.2.x] Refs #34808 -- Doc'd that aggregation functions on empty groups can r...
• c70f08c [4.2.x] Added updating the Django release process on Trac to release steps.
• d485aa2 [4.2.x] Fixed typo in docs/howto/custom-file-storage.txt.
• ff26e6a [4.2.x] Corrected QuerySet.prefetch_related() note about GenericRelation().
• Additional commits viewable in compare view

Updates djangorestframework from 3.11.2 to 3.14.0

Release notes

Sourced from djangorestframework's releases.

Version 3.14.0

• Django 2.2 is no longer supported. #8662
• Django 4.1 compatibility. #8591
• Add --api-version CLI option to generateschema management command. #8663
• Enforce is_valid(raise_exception=False) as a keyword-only argument. #7952
• Stop calling set_context on Validators. #8589
• Return NotImplemented from ErrorDetails.__ne__. #8538
• Don't evaluate DateTimeField.default_timezone when a custom timezone is set. #8531
• Make relative URLs clickable in Browseable API. #8464
• Support ManyRelatedField falling back to the default value when the attribute specified by dot notation doesn't exist. Matches ManyRelatedField.get_attribute to Field.get_attribute. #7574
• Make schemas.openapi.get_reference public. #7515
• Make ReturnDict support dict union operators on Python 3.9 and later. #8302
• Update throttling to check if request.user is set before checking if the user is authenticated. #8370

Version 3.13.1

• Revert schema naming changes with function based @api_view. #8297

Version 3.13.0

• Django 4.0 compatability. #8178
• Add max_length and min_length options to ListSerializer. #8165
• Add get_request_serializer and get_response_serializer hooks to AutoSchema. #7424
• Fix OpenAPI representation of null-able read only fields. #8116
• Respect UNICODE_JSON setting in API schema outputs. #7991
• Fix for RemoteUserAuthentication. #7158
• Make Field constructors keyword-only. #7632

3.12.4

No release notes provided.

Commits

• 2da473c Add 3.14 announcement to the docs
• 58e0a69 Update setup.py to drop Django 2.2 and update release notes (#8666)
• 11bfda9 both statement have dupplicate bodies (#8633)
• 058424c docs: delete duplicate explanation (#8641)
• eb88dfc Add --api-version CLI option to generateschema (#8663)
• f34f156 Remove old deprecation classes for 3.14 release (#8664)
• c6cafc9 Update release-notes.md
• f8b3f38 Update supported versions for 3.14 release (#8662)
• b658915 Version 3.14.0 proposal (#8599)
• 51f1aff Revert 8552 (#8661)
• Additional commits viewable in compare view

Updates weasyprint from 59.0 to 60.1

Release notes

Sourced from weasyprint's releases.

v60.1

Bug fixes

• #1973: Fix crash caused by wrong UTF-8 indices

Contributors

• Guillaume Ayoub

Backers and sponsors

• Spacinov
• Kobalt
• Grip Angebotssoftware
• Manuel Barkhau
• SimonSoft
• Menutech
• KontextWork
• NCC Group
• René Fritz
• Nicola Auchmuty
• Syslifters
• Hammerbacher
• TrainingSparkle
• Daniel Kucharski
• Healthchecks.io
• Yanal-Yvez Fargialla
• WakaTime
• Paheko
• Synapsium
• DocRaptor

v60.0

Read about this release on our blog.

New features

• #1903: Print form fields
• #1922: Add support for textLength and lengthAdjust in SVG text elements
• #1965: Handle <wbr> tag
• #1970: Handle y offset of glyphs
• #1909: Add a --timeout option

Bug fixes

• #1887: Fix footnote-call displayed incorrectly for some fonts
• #1890: Fix page-margin boxes layout algorithm
• #1908: Fix IndexError when rendering PDF version 1.4
• #1906: Apply text transformations to first-letter pseudo elements
• #1915: Avoid footnote appearing before its call

... (truncated)

Changelog

Sourced from weasyprint's changelog.

Version 60.1

Released on 2023-09-29.

Bug fixes:

• [#1973](https://github.com/Kozea/WeasyPrint/issues/1973) <https://github.com/Kozea/WeasyPrint/issues/1973>_: Fix crash caused by wrong UTF-8 indices

Contributors:

• Guillaume Ayoub

Backers and sponsors:

• Spacinov
• Kobalt
• Grip Angebotssoftware
• Manuel Barkhau
• SimonSoft
• Menutech
• KontextWork
• NCC Group
• René Fritz
• Nicola Auchmuty
• Syslifters
• Hammerbacher
• TrainingSparkle
• Daniel Kucharski
• Healthchecks.io
• Yanal-Yvez Fargialla
• WakaTime
• Paheko
• Synapsium
• DocRaptor

Version 60.0

Released on 2023-09-25.

New features:

• [#1903](https://github.com/Kozea/WeasyPrint/issues/1903) <https://github.com/Kozea/WeasyPrint/issues/1903>_: Print form fields
• [#1922](https://github.com/Kozea/WeasyPrint/issues/1922) <https://github.com/Kozea/WeasyPrint/pull/1922>_: Add support for textLength and lengthAdjust in SVG text elements
• [#1965](https://github.com/Kozea/WeasyPrint/issues/1965) <https://github.com/Kozea/WeasyPrint/issues/1965>_:

... (truncated)

Commits

• 01c5e97 Version 60.1
• f5640de Use UTF-8 indices really everywhere
• 563d775 Use "main" as default branch name
• dc6d3fa Version 60.0
• 9596307 Merge pull request #1970 from gauravsamudra/handle-y-offset-of-glyphs
• a8ff8a6 Remove extra line
• cee2a17 Merge pull request #1971 from azhar316/feat-timeout
• d51e211 Fix text rise value
• 29625c6 Fix import order
• 3d91de1 Fix comma removal
• Additional commits viewable in compare view

Updates rope from 1.9.0 to 1.10.0

Changelog

Sourced from rope's changelog.

Release 1.10.0

• #708, #709 Add support for Python 3.12

Commits

• a5fa15b Update CHANGELOG.md
• 0bee51e Bump version
• ef3613b Black
• 00e937c Add build.os key to .readthedocs.yaml
• 3049f35 Update .readthedocs.yaml to use build.tools.python key
• 68630e3 Update readthedocs to use Python 3.11
• cd34ac5 Update current year to 2023
• 11316ec Replace pkg_resources to use importlib
• c4c77d5 Fix deprecation warnings
• 677111a Merge pull request #709 from python-rope/lieryan-py312
• Additional commits viewable in compare view

Updates sentry-sdk from 1.31.0 to 1.32.0

Release notes

Sourced from sentry-sdk's releases.

1.32.0

Various fixes & improvements

• New: Error monitoring for some of the most popular Python GraphQL libraries:

  • Add GQL GraphQL integration (#2368) by @​szokeasaurusrex

    Usage:

      import sentry_sdk
      from sentry_sdk.integrations.gql import GQLIntegration
    sentry_sdk.init(
    dsn='PUBLIC_DSN',
    integrations=[
    GQLIntegration(),
    ],
    )

  • Add Graphene GraphQL error integration (#2389) by @​sentrivana

    Usage:

      import sentry_sdk
      from sentry_sdk.integrations.graphene import GrapheneIntegration
    sentry_sdk.init(
    dsn='PUBLIC_DSN',
    integrations=[
    GrapheneIntegration(),
    ],
    )

  • Add Strawberry GraphQL error & tracing integration (#2393) by @​sentrivana

    Usage:

      import sentry_sdk
      from sentry_sdk.integrations.strawberry import StrawberryIntegration
    sentry_sdk.init(
    dsn='PUBLIC_DSN',
    integrations=[
    # make sure to set async_execution to False if you're executing
    # GraphQL queries synchronously
    StrawberryIntegration(async_execution=True),

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

1.32.0

Various fixes & improvements

• New: Error monitoring for some of the most popular Python GraphQL libraries:

  • Add GQL GraphQL integration (#2368) by @​szokeasaurusrex

    Usage:

      import sentry_sdk
      from sentry_sdk.integrations.gql import GQLIntegration
    sentry_sdk.init(
    dsn='PUBLIC_DSN',
    integrations=[
    GQLIntegration(),
    ],
    )

  • Add Graphene GraphQL error integration (#2389) by @​sentrivana

    Usage:

      import sentry_sdk
      from sentry_sdk.integrations.graphene import GrapheneIntegration
    sentry_sdk.init(
    dsn='PUBLIC_DSN',
    integrations=[
    GrapheneIntegration(),
    ],
    )

  • Add Strawberry GraphQL error & tracing integration (#2393) by @​sentrivana

    Usage:

      import sentry_sdk
      from sentry_sdk.integrations.strawberry import StrawberryIntegration
    sentry_sdk.init(
    dsn='PUBLIC_DSN',
    integrations=[
    # make sure to set async_execution to False if you're executing
    # GraphQL queries synchronously

... (truncated)

Commits

• 805fcf1 Tweak changelog
• c515aae release: 1.32.0
• 53a67e0 Fix mypy errors (#2433)
• f067af2 Capture multiple named groups again (#2432)
• b873a31 Add Strawberry GraphQL integration (#2393)
• 1b445c6 feat(metrics): Make a consistent noop flush behavior (#2428)
• 44ae06e lint: fix pre-commit issues (#2424)
• 62dfec9 feat(metrics): Stronger recursion protection (#2426)
• 99aea33 Remove utcnow, utcfromtimestamp deprecated in Python 3.12 (#2415)
• 59a67d3 Update CONTRIBUTING.md (#2411)
• Additional commits viewable in compare view

Updates pylint from 2.17.5 to 2.17.7

Commits

• dade880 Bump pylint to 2.17.7, update changelog (#9084)
• c2907a9 Upgrade astroid to 2.15.8 on 2.17.x branch (#9081)
• aed51a6 Fix crash in refactoring checker from unaryop with variable (#9075) (#9076)
• b8a7cc5 Bump pylint to 2.17.6, update changelog (#9064)
• a88fbd7 Upgrade astroid to 2.15.7
• aea47d1 [unbalanced-tuple-unpacking] Add a regression tests for #7710
• 24786fa Fix Pyreverse duplicate arrows bug (#9029) (#9039)
• 259fbd2 Fix Pyreverse optional annotation bug (#9016) (#9019)
• 094a774 Fix Pyreverse duplicate annotations (#9012) (#9017)
• 79aac5b Fix duplicate fields Pyreverse bug (#9004) (#9011)
• Additional commits viewable in compare view

Updates pylint-django from 2.5.3 to 2.5.4

Release notes

Sourced from pylint-django's releases.

Version 2.5.4 (10 Oct 2023)

This is a small release to introduce pylint 3 functionality.

Changelog

Sourced from pylint-django's changelog.

Changelog

Version 2.6.0 (14 May 2023)

NOTICE

This version drops support for Python 3.6
Bugfixes

Commits

• 04df42a Bumping black pre-commit hook version
• ac02a06 Bumping version for bugfix release to get pylint 3 support [Build(deps-dev): Bump pytest-django from 4.4.0 to 4.5.1 #407 #405]
• 3b760ed Support for pylint 3.x
• 86bf375 [pre-commit.ci] pre-commit autoupdate
• 57a15ac Beginning cleanup of build, versions and similar to fix CI (#376), remove dep...
• 347ad70 [pre-commit.ci] pre-commit autoupdate
• 36ea72b More CI faff, I hate debugging GitHub actions
• 054b49a Fixing up last pieces of tox config and testing
• 82f64c6 Fixing linting errors
• 1bf1481 Converting to poetry-based packaging, and dropping python 3.6 support
• Additional commits viewable in compare view

Updates black from 23.9.1 to 23.10.0

Release notes

Sourced from black's releases.

23.10.0

Stable style

• Fix comments getting removed from inside parenthesized strings (#3909)

Preview style

• Fix long lines with power operators getting split before the line length (#3942)
• Long type hints are now wrapped in parentheses and properly indented when split across multiple lines (#3899)
• Magic trailing commas are now respected in return types. (#3916)
• Require one empty line after module-level docstrings. (#3932)
• Treat raw triple-quoted strings as docstrings (#3947)

Configuration

• Fix cache versioning logic when BLACK_CACHE_DIR is set (#3937)

Parser

• Fix bug where attributes named type were not acccepted inside match statements (#3950)
• Add support for PEP 695 type aliases containing lambdas and other unusual expressions (#3949)

Output

• Black no longer attempts to provide special errors for attempting to format Python 2 code (#3933)
• Black will more consistently print stacktraces on internal errors in verbose mode (#3938)

Integrations

• The action output displayed in the job summary is now wrapped in Markdown (#3914)

Changelog

Sourced from black's changelog.

23.10.0

Stable style

• Fix comments getting removed from inside parenthesized strings (#3909)

Preview style

• Fix long lines with power operators getting split before the line length (#3942)
• Long type hints are now wrapped in parentheses and properly indented when split across multiple lines (#3899)
• Magic trailing commas are now respected in return types. (#3916)
• Require one empty line after module-level docstrings. (#3932)
• Treat raw triple-quoted strings as docstrings (#3947)

Configuration

• Fix cache versioning logic when BLACK_CACHE_DIR is set (#3937)

Parser

• Fix bug where attributes named type were not accepted inside match statements (#3950)
• Add support for PEP 695 type aliases containing lambdas and other unusual expressions (#3949)

Output

• Black no longer attempts to provide special errors for attempting to format Python 2 code (#3933)
• Black will more consistently print stacktraces on internal errors in verbose mode (#3938)

Integrations

• The action output displayed in the job summary is now wrapped in Markdown (#3914)

Commits

• 9edba85 Prepare release 23.10.0 (#3951)
• bb58807 Fix parser bug where "type" was misinterpreted as a keyword inside a match (#...
• 722735d Fix grammar for type alias support (#3949)
• abe57e3 Treat raw strings like other docstrings (#3947)
• 1648ac5 Fix long lines with power operator(s) getting splitted before line length (#3...
• 6f84f65 Migrate mypy config to pyproject.toml (#3936)
• 3bb9214 CI Test: Deprecating 'Healthcheck.all()' from Hypothesis in fuzz.py (#3945)
• 935f303 Fix test that was not being run (#3939)
• b7717c3 Standardise newlines after module-level docstrings (#3932)
• 7aa37ea Report all stacktraces in verbose mode (#3938)
• Additional commits viewable in compare view

Updates cffi from 1.15.1 to 1.16.0

Release notes

Sourced from cffi's releases.

v1.16.0

• Add support for Python 3.12. With the removal of distutils from Python 3.12, projects using CFFI features that depend on distutils at runtime must add a dependency on setuptools to function under Python 3.12+. CFFI does not declare a runtime setuptools requirement to avoid an unnecessary dependency for projects that do not require it.
• Drop support for end-of-life Python versions (2.7, 3.6, 3.7).
• Add support for PEP517 builds; setuptools is now a required build dependency.
• Declare python_requires metadata for Python 3.8+. This allows unsupported Pythons to continue using previously released sdists and wheels.
• Move project source under src/; a more standard layout that also enables CI to more easily catch packaging errors.

v1.16.0rc2

• Fix packaging issue in v1.16.0rc1.
• Rearrange project sources (src/ layout) so packaging tests can properly detect similar issues in the future.

Full Changelog: python-cffi/cffi@v1.16.0rc1...v1.16.0rc2

v1.16.0rc1

• Add support for Python 3.12. With the removal of distutils from Python 3.12, projects using CFFI features that depend on distutils at runtime must add a dependency on setuptools to function under Python 3.12+. CFFI does not declare a runtime setuptools requirement to avoid an unnecessary dependency for projects that do not require it.
• Drop support for end-of-life Python versions (2.7, 3.6, 3.7).
• Move project home to python-cffi/cffi on GitHub.
• Add support for PEP517 builds; setuptools is now a required build dependency.
• Declare python_requires metadata for Python 3.8+. This allows unsupported Pythons to continue using previously released sdists and wheels.
• Add missing calls to PyObject_GC_UnTrack to avoid ResourceWarning 15c4b71d5e3f2295c0e4773e99b23ac751e02534

Commits

• ba44abd release 1.16.0 (#17)
• c0ad8d9 Add a tool to update release version numbers (#15)
• e20c65d Release 1.16.0rc2 (#13)
• e98d1bb upgrade setup-qemu-action (#8) (#9)
• 158bc5b add a summary job check for easier automated gating (#6) (#7)
• c062f2c enable weekly 1pm Monday scheduled CI run on release-1.16 (#5)
• e847033 make self-hosted aarch64 mac jobs conditional-ish
• 57ff08e remove obsolete test
• ff11e92 release 1.16.0rc1
• 0dc7805 prepare for 1.16.0rc1
• Additional commits viewable in compare view

Updates charset-normalizer from 3.2.0 to 3.3.1

Release notes

Sourced from charset-normalizer's releases.

Version 3.3.1

3.3.1 (2023-10-22)

Changed

• Optional mypyc compilation upgraded to version 1.6.1 for Python >= 3.8
• Improved the general detection reliability based on reports from the community

Release 3.3.0

3.3.0 (2023-09-30)

Added

• Allow to execute the CLI (e.g. normalizer) through python -m charset_normalizer.cli or python -m charset_normalizer
• Support for 9 forgotten encodings that are supported by Python but unlisted in encoding.aliases as they have no alias (#323)

Removed

• (internal) Redundant utils.is_ascii function and unused function is_private_use_only
• (internal) charset_normalizer.assets is moved inside charset_normalizer.constant

Changed

• (internal) Unicode code blocks in constants are updated using the latest v15.0.0 definition to improve detection
• Optional mypyc compilation upgraded to version 1.5.1 for Python >= 3.8

Fixed

• Unable to properly sort CharsetMatch when both chaos/noise and coherence were close due to an unreachable condition in __lt__ (#350)

Changelog

Sourced from charset-normalizer's changelog.

3.3.1 (2023-10-22)

Changed

• Optional mypyc compilation upgraded to version 1.6.1 for Python >= 3.8
• Improved the general detection reliability based on reports from the community

3.3.0 (2023-09-30)

Added

• Allow to execute the CLI (e.g. normalizer) through python -m charset_normalizer.cli or python -m charset_normalizer
• Support for 9 forgotten encoding that are supported by Python but unlisted in encoding.aliases as they have no alias (#323)

Removed

• (internal) Redundant utils.is_ascii function and unused function is_private_use_only
• (internal) charset_normalizer.assets is moved inside charset_normalizer.constant

Changed

• (internal) Unicode code blocks in constants are updated using the latest v15.0.0 definition to improve detection
• Optional mypyc compilation upgraded to version 1.5.1 for Python >= 3.8

Fixed

• Unable to properly sort CharsetMatch when both chaos/noise and coherence were close due to an unreachable condition in __lt__ (#350)

Commits

• 5208644 🔖 Release 3.3.1 (#367)
• 66966f1 ❇️ Improve the detection around some cases (#366)
• 49653a6 ⬆️ Bump actions/setup-python from 4.7.0 to 4.7.1 (#359)
• f6a66ed ⬆️ Bump pypa/cibuildwheel from 2.16.0 to 2.16.2 (#361)
• bace468 ⬆️ Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#362)
• f0e1755 ⬆️ Bump github/codeql-action from 2.21.9 to 2.22.3 (#363)
• 749ed7f ⬆️ Bump mypy from 1.5.1 to 1.6.0 (#364)
• 165211a 🔖 Release 3.3.0 (#353)
• 5aed9a4 🐛 Fix unreachable code in the sorting algorithm of CharsetMatch (#352)
• 061a71b ⬆️ Bump actions/checkout from 4.0.0 to 4.1.0 (#348)
• Additional commits viewable in compare view

Updates coverage from 7.3.1 to 7.3.2

Changelog

Sourced from coverage's changelog.

Version 7.3.2 — 2023-10-02

• The coverage lcov command ignored the [report] exclude_lines and [report] exclude_also settings (issue 1684). This is now fixed, thanks Jacqueline Lee <pull 1685_>.

• Sometimes SQLite will create journal files alongside the coverage.py database files. These are ephemeral, but could be mistakenly included when combining data files. Now they are always ignored, fixing issue 1605_. Thanks to Brad Smith for suggesting fixes and providing detailed debugging.

• On Python 3.12+, we now disable SQLite writing journal files, which should be a little faster.

• The new 3.12 soft keyword type is properly bolded in HTML reports.

• Removed the "fullcoverage" feature used by CPython to measure the coverage of early-imported standard library modules. CPython stopped using it <88054_>_ in 2021, and it stopped working completely in Python 3.13.

.. _issue 1605: nedbat/coveragepy#1605 .. _issue 1684: nedbat/coveragepy#1684 .. _pull 1685: nedbat/coveragepy#1685 .. _88054: python/cpython#88054

.. _changes_7-3-1:

Commits

• a316513 build: fix the pypy wheel arguments
• 7ec2c62 docs: sample HTML for 7.3.2
• ffd954f docs: prep for 7.3.2
• 1ea3907 refactor: don't access frame structs directly
• 7b8dec9 feat!: remove fullcoverage, it doesn't work in 3.13
• 1040bce refactor: remove unused interned strings
• 9ab9e0c fix: 3.12 soft keyword type is bolded in HTML
• 8624ce9 fix: really turn off SQLite journal files on 3.12+
• 604aafa chore: make upgrade
• 7c25ba0 fix: don't combine journal files. #1605
• Additional commits viewable in compare view

Updates fonttools from 4.42.1 to 4.43.1

Release notes

Sourced from fonttools's releases.

4.43.1

• [EBDT] Fixed TypeError exception in _reverseBytes method triggered when dumping some bitmap fonts with ttx -z bitwise option (#3162).
• [v/hhea] Fixed UnboundLocalError exception in recalc method when no vmtx or hmtx tables are present (#3290).
• [bezierTools] Fixed incorrectly typed cython local variable leading to TypeError when calling calcQuadraticArcLength (#3288).
• [feaLib/otlLib] Better error message when building Coverage table with missing glyph (#3286).

4.43.0

• [subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/
• [varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).
• [varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).
• [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).
• Added support for Python 3.12 (#3283).

Changelog

Sourced from fonttools's changelog.

4.43.1 (released 2023-10-06)

• [EBDT] Fixed TypeError exception in _reverseBytes method triggered when dumping some bitmap fonts with ttx -z bitwise option (#3162).
• [v/hhea] Fixed UnboundLocalError exception in recalc method when no vmtx or hmtx tables are present (#3290).
• [bezierTools] Fixed incorrectly typed cython local variable leading to TypeError when calling calcQuadraticArcLength (#3288).
• [feaLib/otlLib] Better error message when building Coverage table with missing glyph (#3286).

4.43.0 (released 2023-09-29)

• [subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/
• [varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).
• [varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).
• [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).
• Added support for Python 3.12 (#3283).

Commits

• f8857f6 Release 4.43.1
• bfd5e56 Update changelog [skip ci]
• 5c8bce1 Merge pull request #3162 from robhagemans/bugfix-ebdt-reversebytes
• 6288e9e Merge pull request #3290 from fonttools/vhhea-without-vhmtx
• 442576f Fix UnbouldLocalError and let {h,v}hea be no-op when no {v,h}mtx is present
• 4e2f80c Merge pull request #3288 from fonttools/fix-calc-quadratic-arc-length
• 21dea1e fix incorrectly typed cython local variable
• c5295d2 Better OTL builder errors (#3286)
• 05dc231 Create SECURITY.md
• f95105b Bump version: 4.43.0 → 4.43.1.dev0
• Additional commits viewable in compare view

Updates packaging from 23.1 to 23.2

Release notes

Sourced from packaging's releases.

23.2

What's Changed

• parse_marker should consume the entire source string by @​mwerschy in pypa/packaging#687
• Create a Security Policy file by @​joycebrum in pypa/packaging#695
• Add python 3.12 to CI by @​mayeut in pypa/packaging#689
• Remove URL validation from requirement parsing by @​uranusjr in pypa/packaging#684
• Add types for packaging.version._Version by @​hauntsaninja in pypa/packaging#665
• Add PyPy 3.10 to CI by @​mayeut in pypa/packaging#699
• Remove unused argument in _manylinux._is_compatible by @​mayeut in pypa/packaging#700
• Canonicalize names for requirements comparison by @​astrojuanlu in pypa/packaging#696
• Add platform tag support for LoongArch by @​loongson-zn in pypa/packaging#693
• Ability to install armv7l manylinux/musllinux wheels on armv8l by @​mayeut in pypa/packaging#690
• Include CHANGELOG.rst in sdist by @​astrojuanlu in pypa/packaging#704
• Update pyupgrade to Python 3.7+ by @​fangchenli in pypa/packaging#580
• Fix version pattern pre-releases by @​deathaxe in pypa/packaging#705
• Fix typos found by codespell by @​DimitriPapadopoulos in pypa/packaging#706
• Support enriched metadata by @​brettcannon in pypa/packaging#686
• Correct rST syntax in CHANGELOG.rst by @​atugushev in pypa/packaging#709
• fix: platform tag for GraalPy by @​mayeut in pypa/packaging#711
• Document that this library uses a calendar-based versioning scheme by @​faph in pypa/packaging#717
• fix: Update copyright date for docs by @​garrypolley in pypa/packaging#713
• Bump pip version to avoid known vulnerabilities by @​joycebrum in pypa/packaging#720
• Typing annotations fixed in version.py by @​jolaf in pypa/packaging#723
• parse_{sdist,wheel}_filename: don't raise InvalidVersion by @​SpecLad in pypa/packaging#721
• Fix code blocks in CHANGELOG.md by

[codecov]

Codecov Report

Merging #833 (ed15eeb) into main (b260db9) will increase coverage by 0.07%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main     #833      +/-   ##
==========================================
+ Coverage   88.58%   88.65%   +0.07%     
==========================================
  Files          35       35              
  Lines        1331     1331              
==========================================
+ Hits         1179     1180       +1     
+ Misses        152      151       -1     

see 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more