Update fonttools requirement from >=4.43.0 to >=4.62.1

[dependabot]

Updates the requirements on fonttools to permit the latest version.

Release notes

Sourced from fonttools's releases.

4.62.1

• [feaLib] Extend contextual rule merging to all rule types: single subst, GSUB/GPOS named lookups, ignore rules, and chained alternate subst (#4061).

Changelog

Sourced from fonttools's changelog.

4.62.1 (released 2026-03-13)

• [feaLib] Extend contextual rule merging to all rule types: single subst, GSUB/GPOS named lookups, ignore rules, and chained alternate subst (#4061).

4.62.0 (released 2026-03-09)

• [diff] Add new fonttools diff command for comparing font files, imported from the fdiff project and heavily reworked (#1190, #4007, #4009, #4011, #4013, #4019).
• [feaLib] Fix VariableScalar interpolation bug with non-linear avar mappings. Also decouple VariableScalar from compiled fonts, allowing it to work with designspace data before compilation (#3938, #4054).
• [feaLib] Fix VariableScalar axis ordering and iterative delta rounding to match fontc behavior (#4053).
• [feaLib] Merge chained multi subst rules with same context into a single subtable instead of emitting one subtable per glyph (#4016, #4058).
• [feaLib] Pass location to ConditionsetStatement to fix glyphsLib round-tripping fontra/fontra-glyphs#130#4057).
• [feaLib] Write 0xFFFF instead of 0 for missing nameIDs in cv feature params (#4010, #4012).
• [cmap] Fix CmapSubtable.__lt__() TypeError on Python 3 when subtables share the same encoding record, and add compile-time validation for unique encoding records (#4035, #4055).
• [svgLib] Skip non-element XML nodes (comments, processing instructions) when drawing SVG paths (#4042, #4043).
• [glifLib] Fix regression reading glyph outlines when glyphObject=None (#4030, #4031).
• [pointPen] Fix SegmentToPointPen edge case: only remove a duplicate final point on closePath() if it is an on-curve point (#4014, #4015).
• [cffLib] SECURITY Replace eval() with safeEval() in parseBlendList() to prevent arbitrary code execution from crafted TTX files (#4039, #4040).
• [ttLib] Remove defunct Adobe SING Glyphlet tables (META, SING, GMAP, GPKG) (#4044).
• [varLib.interpolatable] Various bugfixes: fix swapped nodeTypes assignment, duplicate kink-detector condition, typos, CFF2 vsindex parsing, glyph existence check, and plot helpers (#4046).
• [varLib.models] Fix getSubModel not forwarding extrapolate/axisRanges; check location uniqueness after stripping zeros (#4047).
• [varLib] Fix --variable-fonts filter in build_many; remove dead code and fix comments (#4048).
• [avar] Preserve existing name table in build; keep unbuild return types consistent; validate map CLI coordinates (#4051).
• [cu2qu/qu2cu] Add input validation: reject non-positive tolerances, validate curve inputs and list lengths (#4052).
• [colorLib] Raise a clear ColorLibError when base glyphs are missing from glyphMap, instead of a confusing KeyError (#4041).
• [glyf] Remove unnecessary fvar table dependency (#4017).
• [fvar/trak] Remove unnecessary name table dependency (#4018).
• [ufoLib] Relax guideline validation to follow the updated spec (#3537, #3553).

... (truncated)

Commits

• da54a29 Release 4.62.1
• ad47e60 Merge pull request #4061 from fonttools/merge-chained-rules
• 8060f6a Rename _merge_contextual_rule to _add_contextual_rule
• 0903764 Reuse and merge chained alternate subst lookups
• bbdcfc2 Add tests for contextual rule merge optimization
• 2a6072f Merge consecutive contextual rules with same context
• 11e9bfa Fix typo in cu2qu help message
• 211171b Bump version: 4.62.0 → 4.62.1.dev0
• 0aee8a7 Merge pull request #4060 from fonttools/remove-py23-pipe-test
• ee39ede [tests] Remove obsolete py23 OpenFuncWrapperTest
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

This change is 

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[netlify]

❌ Deploy Preview for heroic-strudel-239c3c failed. Why did it fail? →

Name	Link
🔨 Latest commit	a29c2f8
🔍 Latest deploy log	https://app.netlify.com/projects/heroic-strudel-239c3c/deploys/69e8944fcf9b1c00082226d2

[netlify]

❌ Deploy Preview for joyful-gelato-ff27ed failed. Why did it fail? →

Name	Link
🔨 Latest commit	a29c2f8
🔍 Latest deploy log	https://app.netlify.com/projects/joyful-gelato-ff27ed/deploys/69e8944fb447ef0008bc0d29

[github-actions]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric	Results
Complexity	0
Duplication	0

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes. Give us feedback}