Bumps [fonttools](https://github.com/fonttools/fonttools) from 4.58.4 to 4.58.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fonttools/fonttools/releases">fonttools's releases</a>.</em></p> <blockquote> <h2>4.58.5</h2> <ul> <li>[feaLib] Don't try to combine ligature & multisub rules (<a href="https://redirect.github.com/fonttools/fonttools/issues/3874">#3874</a>).</li> <li>[feaLib/ast] Use weakref proxies to avoid cycles in visitor (<a href="https://redirect.github.com/fonttools/fonttools/issues/3873">#3873</a>).</li> <li>[varLib.instancer] Fixed instancing CFF2 fonts where VarData contains more than 64k items (<a href="https://redirect.github.com/fonttools/fonttools/issues/3858">#3858</a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/fonttools/fonttools/blob/main/NEWS.rst">fonttools's changelog</a>.</em></p> <blockquote> <h2>4.58.5 (released 2025-07-03)</h2> <ul> <li>[feaLib] Don't try to combine ligature & multisub rules (<a href="https://redirect.github.com/fonttools/fonttools/issues/3874">#3874</a>).</li> <li>[feaLib/ast] Use weakref proxies to avoid cycles in visitor (<a href="https://redirect.github.com/fonttools/fonttools/issues/3873">#3873</a>).</li> <li>[varLib.instancer] Fixed instancing CFF2 fonts where VarData contains more than 64k items (<a href="https://redirect.github.com/fonttools/fonttools/issues/3858">#3858</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fonttools/fonttools/commit/ef0fc8f879f9f7fc6ab2b58d129692de74d9d791"><code>ef0fc8f</code></a> Release 4.58.5</li> <li><a href="https://github.com/fonttools/fonttools/commit/f7a34d6d7724101c4bc5213b731cac4b991922ad"><code>f7a34d6</code></a> Update NEWS.rst</li> <li><a href="https://github.com/fonttools/fonttools/commit/b1266b6475f58d26501f6766c95a5d0bd5c41b37"><code>b1266b6</code></a> Merge pull request <a href="https://redirect.github.com/fonttools/fonttools/issues/3877">#3877</a> from emmanuel-ferdman/main</li> <li><a href="https://github.com/fonttools/fonttools/commit/a47989cf7dfca3caf9bd3fd457ca83acadab15c7"><code>a47989c</code></a> ttx_test: fix test for --no-recalc-timestamp option</li> <li><a href="https://github.com/fonttools/fonttools/commit/c3277807c5dcc9c0c7836b0d063dc7dfccc5ce32"><code>c327780</code></a> Merge pull request <a href="https://redirect.github.com/fonttools/fonttools/issues/3874">#3874</a> from cmyr/dont-combine-liga-and-multi</li> <li><a href="https://github.com/fonttools/fonttools/commit/c100879b1766a516f582045b10bc5441677bf6af"><code>c100879</code></a> [feaLib] Don't try to combine ligature & multisub rules</li> <li><a href="https://github.com/fonttools/fonttools/commit/75af36804fb595cabd768d2bc3ccf9b64445a014"><code>75af368</code></a> Merge pull request <a href="https://redirect.github.com/fonttools/fonttools/issues/3873">#3873</a> from fonttools/ast-weakref</li> <li><a href="https://github.com/fonttools/fonttools/commit/b56d60ca7a543fce21706b0457379e96acea3316"><code>b56d60c</code></a> Make link back to MCDs a proxy to avoid cycling</li> <li><a href="https://github.com/fonttools/fonttools/commit/0624ecd19fad0e189b367b84f8cc9d5b221b4a8d"><code>0624ecd</code></a> Don’t visit weak reference proxy objects by default</li> <li><a href="https://github.com/fonttools/fonttools/commit/f7ee2503bd7bbd6c25c3fb2af672babb37b53410"><code>f7ee250</code></a> [instancer] Fix CFF2 instancing (<a href="https://redirect.github.com/fonttools/fonttools/issues/3858">#3858</a>)</li> <li>Additional commits viewable in <a href="https://github.com/fonttools/fonttools/compare/4.58.4...4.58.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=fonttools&package-manager=pip&previous-version=4.58.4&new-version=4.58.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>