Skip to content

Update dependency harfbuzz to v14.2.1#9720

Merged
radarhere merged 1 commit into
mainfrom
renovate/harfbuzz-14.x
Jun 25, 2026
Merged

Update dependency harfbuzz to v14.2.1#9720
radarhere merged 1 commit into
mainfrom
renovate/harfbuzz-14.x

Conversation

@renovate

@renovate renovate Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
harfbuzz patch 14.2.014.2.1

Release Notes

harfbuzz/harfbuzz (harfbuzz)

v14.2.1

Compare Source

  • Various AAT shaping fixes: legacy mort contextual offsets (which could produce out-of-font glyph IDs), in-place deleted-glyph replacements, and overflow in obsolete offset math.
  • Fix Arabic PUA fallback shaping for the isolated lam-alef-maksura ligature.
  • Fix float-to-int overflow in avar2 mapping with malformed fonts.
  • Harden buffer verification after detecting non-monotone clusters.
  • Various COLR v1 fixes: fix handling of .notdef without paint, round alpha consistently, and report the root clip under the font transform.
  • Various Glyph-extents fixes: inclusive rounding, and floating-point scaling before rounding so the reported box always covers the glyph.
  • Various Subsetting fixes: keep the palt spacing feature by default, raise the repacker MAX_SPACES limit, fix a repacker crash on shared LigatureSet nodes, guard gvar size overflow on 32-bit, and fix the post glyph-name sort comparator on macOS.
  • Replace std::sort with an internal quicksort, removing leaked std:: symbols from the libharfbuzz ABI.
  • Harden size computations with saturating arithmetic against 32-bit overflow.
  • Various improvements to the experimental Rust shaper (HarfRust) and font functions (fontations): honor custom font funcs, key shape plans on features, faster buffer handling, and update to HarfRust 0.8.
  • Various fixes to the experimental harfbuzz-gpu and harfbuzz-vector libraries, including a harfbuzz-vector heap buffer overflow and Windows build fixes.
  • Map the Hrkt (Katakana or Hiragana) script tag to the kana OpenType tag.
  • Build configuration: new HB_CONFIG_OVERRIDE_LAST_H override header, decouple HB_NO_DRAW from HB_NO_CFF, and an optional hb-allocator Cargo feature.
  • Various build, CI, and fuzzing fixes.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • On day 3 of the month (* * 3 * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the Dependency label Jun 25, 2026
@radarhere

radarhere commented Jun 25, 2026

Copy link
Copy Markdown
Member

harfbuzz 14.2.1 includes some security fixes, so I thought it was worth including in the next release.

@radarhere radarhere merged commit b98d178 into main Jun 25, 2026
145 of 146 checks passed
@radarhere radarhere deleted the renovate/harfbuzz-14.x branch June 25, 2026 07:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Dependency

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@radarhere