From 7d9a87a7ce6c81c9f17a1d03de0ca9b68f15e7ca Mon Sep 17 00:00:00 2001 From: 1ngabo <162403908+Ingabreezy@users.noreply.github.com> Date: Fri, 30 Jan 2026 02:07:58 +1100 Subject: [PATCH] Update fonttools version to 4.60.2 Trivy detected CVE-2025-66034 in fonttools 4.57.0, which allows arbitrary file write via malicious .designspace files. Updated fonttools to fixed version 4.60.2 in Asset-Assessment-Scanner-V1/requirements.txt. --- Asset-Assessment-Scanner-V1/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Asset-Assessment-Scanner-V1/requirements.txt b/Asset-Assessment-Scanner-V1/requirements.txt index 0004b20..407b88d 100644 --- a/Asset-Assessment-Scanner-V1/requirements.txt +++ b/Asset-Assessment-Scanner-V1/requirements.txt @@ -1,6 +1,6 @@ defusedxml==0.7.1 Faker==37.1.0 -fonttools==4.57.0 +fonttools==4.60.2 fpdf2==2.8.3 lxml==5.4.0 numpy==2.0.2
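Review bot: The `+fonttools==4.60.2` line moves the pin up three minor releases from 4.57.0 while every neighbouring pin in the hunk (for example `fpdf2==2.8.3` and `lxml==5.4.0`) stays unchanged, and nothing in the patch shows that the pinned set was installed and exercised together after the bump. I would install this requirements.txt in a clean environment, run `pip check` and the scanner's PDF/report path, re-run Trivy against the result, and record the clean scan in the commit message. The commit message scopes the fix to Asset-Assessment-Scanner-V1/requirements.txt only, so please also confirm that no other requirements or lock file in the repository still pins fonttools 4.57.0. Separately, the file pins versions with `==` but carries no hashes; since this is a security-driven change, consider adding `--hash` entries so the fixed release is also integrity-checked at install time.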