From 30519f5180679df4c350cf62faacb6cc5bbe4096 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 18 Mar 2024 15:55:55 +0000
Subject: [PATCH 1/2] Update dependency beautifulsoup4 to v4.12.3

---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 2d2fe4fab9..4217d7a745 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
 adba @ https://codeload.github.com/pymedusa/adba/tar.gz/37b0c74e76b40b3dbde29e71da75a1808eb121de
 babelfish==0.6.0
-beautifulsoup4==4.12.2
+beautifulsoup4==4.12.3
 bencode.py==4.0.0
 CacheControl==0.13.1
 certifi==2023.7.22

From 8aa1f0dde336f19cf6d2b3ba8ac07d563244cfc8 Mon Sep 17 00:00:00 2001
From: Dario <medariox@users.noreply.github.com>
Date: Mon, 18 Mar 2024 17:01:55 +0100
Subject: [PATCH 2/2] Update lib

---
 ext/bs4/__init__.py                           |   4 +-
 ext/bs4/builder/__init__.py                   |  13 ++-
 ext/bs4/builder/_html5lib.py                  |   4 +-
 ext/bs4/builder/_htmlparser.py                |   2 +-
 ext/bs4/builder/_lxml.py                      |   4 +-
 ext/bs4/element.py                            |   7 +-
 ext/bs4/formatter.py                          |   4 +-
 ext/bs4/tests/__init__.py                     |   2 +-
 ...mized-bs4_fuzzer-4670634698080256.testcase |   1 +
 ...mized-bs4_fuzzer-5000587759190016.testcase | Bin 0 -> 15347 bytes
 ...mized-bs4_fuzzer-5270998950477824.testcase | Bin 0 -> 12 bytes
 ...mized-bs4_fuzzer-5375146639360000.testcase |   1 +
 ...mized-bs4_fuzzer-5492400320282624.testcase | Bin 0 -> 11502 bytes
 ...mized-bs4_fuzzer-6306874195312640.testcase |   1 +
 ...a2b26f13537b68d3794b0478a4090ee4a.testcase | Bin 0 -> 103 bytes
 ext/bs4/tests/test_fuzz.py                    |  95 +++++++++++++++++-
 ext/bs4/tests/test_tag.py                     |  13 +++
 ext/readme.md                                 |   2 +-
 18 files changed, 134 insertions(+), 19 deletions(-)
 create mode 100644 ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-4670634698080256.testcase
 create mode 100644 ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5000587759190016.testcase
 create mode 100644 ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5270998950477824.testcase
 create mode 100644 ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5375146639360000.testcase
 create mode 100644 ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5492400320282624.testcase
 create mode 100644 ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-6306874195312640.testcase
 create mode 100644 ext/bs4/tests/fuzz/crash-ffbdfa8a2b26f13537b68d3794b0478a4090ee4a.testcase

diff --git a/ext/bs4/__init__.py b/ext/bs4/__init__.py
index 3d2ab09aac..d8ad5e1dc1 100644
--- a/ext/bs4/__init__.py
+++ b/ext/bs4/__init__.py
@@ -15,8 +15,8 @@
 """
 
 __author__ = "Leonard Richardson (leonardr@segfault.org)"
-__version__ = "4.12.2"
-__copyright__ = "Copyright (c) 2004-2023 Leonard Richardson"
+__version__ = "4.12.3"
+__copyright__ = "Copyright (c) 2004-2024 Leonard Richardson"
 # Use of this source code is governed by the MIT license.
 __license__ = "MIT"
 
diff --git a/ext/bs4/builder/__init__.py b/ext/bs4/builder/__init__.py
index 2e3974587e..ffb31fc25e 100644
--- a/ext/bs4/builder/__init__.py
+++ b/ext/bs4/builder/__init__.py
@@ -514,15 +514,19 @@ class DetectsXMLParsedAsHTML(object):
     XML_PREFIX_B = b'<?xml'
     
     @classmethod
-    def warn_if_markup_looks_like_xml(cls, markup):
+    def warn_if_markup_looks_like_xml(cls, markup, stacklevel=3):
         """Perform a check on some markup to see if it looks like XML
         that's not XHTML. If so, issue a warning.
 
         This is much less reliable than doing the check while parsing,
         but some of the tree builders can't do that.
 
+        :param stacklevel: The stacklevel of the code calling this
+        function.
+
         :return: True if the markup looks like non-XHTML XML, False
         otherwise.
+
         """
         if isinstance(markup, bytes):
             prefix = cls.XML_PREFIX_B
@@ -535,15 +539,16 @@ def warn_if_markup_looks_like_xml(cls, markup):
             and markup.startswith(prefix)
             and not looks_like_html.search(markup[:500])
         ):
-            cls._warn()
+            cls._warn(stacklevel=stacklevel+2)
             return True
         return False
 
     @classmethod
-    def _warn(cls):
+    def _warn(cls, stacklevel=5):
         """Issue a warning about XML being parsed as HTML."""
         warnings.warn(
-            XMLParsedAsHTMLWarning.MESSAGE, XMLParsedAsHTMLWarning
+            XMLParsedAsHTMLWarning.MESSAGE, XMLParsedAsHTMLWarning,
+            stacklevel=stacklevel
         )
         
     def _initialize_xml_detector(self):
diff --git a/ext/bs4/builder/_html5lib.py b/ext/bs4/builder/_html5lib.py
index dac2173214..7c46a85118 100644
--- a/ext/bs4/builder/_html5lib.py
+++ b/ext/bs4/builder/_html5lib.py
@@ -77,7 +77,9 @@ def prepare_markup(self, markup, user_specified_encoding,
 
         # html5lib only parses HTML, so if it's given XML that's worth
         # noting.
-        DetectsXMLParsedAsHTML.warn_if_markup_looks_like_xml(markup)
+        DetectsXMLParsedAsHTML.warn_if_markup_looks_like_xml(
+            markup, stacklevel=3
+        )
 
         yield (markup, None, None, False)
 
diff --git a/ext/bs4/builder/_htmlparser.py b/ext/bs4/builder/_htmlparser.py
index e065096bd4..3cc187f892 100644
--- a/ext/bs4/builder/_htmlparser.py
+++ b/ext/bs4/builder/_htmlparser.py
@@ -378,10 +378,10 @@ def feed(self, markup):
         parser.soup = self.soup
         try:
             parser.feed(markup)
+            parser.close()
         except AssertionError as e:
             # html.parser raises AssertionError in rare cases to
             # indicate a fatal problem with the markup, especially
             # when there's an error in the doctype declaration.
             raise ParserRejectedMarkup(e)
-        parser.close()
         parser.already_closed_empty_element = []
diff --git a/ext/bs4/builder/_lxml.py b/ext/bs4/builder/_lxml.py
index 971c81e56f..4f7cf74681 100644
--- a/ext/bs4/builder/_lxml.py
+++ b/ext/bs4/builder/_lxml.py
@@ -179,7 +179,9 @@ def prepare_markup(self, markup, user_specified_encoding=None,
             self.processing_instruction_class = ProcessingInstruction
             # We're in HTML mode, so if we're given XML, that's worth
             # noting.
-            DetectsXMLParsedAsHTML.warn_if_markup_looks_like_xml(markup)
+            DetectsXMLParsedAsHTML.warn_if_markup_looks_like_xml(
+                markup, stacklevel=3
+            )
         else:
             self.processing_instruction_class = XMLProcessingInstruction
 
diff --git a/ext/bs4/element.py b/ext/bs4/element.py
index 9c73957c3f..0aefe734b2 100644
--- a/ext/bs4/element.py
+++ b/ext/bs4/element.py
@@ -1356,7 +1356,7 @@ def _clone(self):
         This is the first step in the deepcopy process.
         """
         clone = type(self)(
-            None, self.builder, self.name, self.namespace,
+            None, None, self.name, self.namespace,
             self.prefix, self.attrs, is_xml=self._is_xml,
             sourceline=self.sourceline, sourcepos=self.sourcepos,
             can_be_empty_element=self.can_be_empty_element,
@@ -1845,6 +1845,11 @@ def _indent_string(self, s, indent_level, formatter,
         return space_before + s + space_after
 
     def _format_tag(self, eventual_encoding, formatter, opening):
+        if self.hidden:
+            # A hidden tag is invisible, although its contents
+            # are visible.
+            return ''
+
         # A tag starts with the < character (see below).
 
         # Then the / character, if this is a closing tag.
diff --git a/ext/bs4/formatter.py b/ext/bs4/formatter.py
index c821318d9b..9fa1b57cb6 100644
--- a/ext/bs4/formatter.py
+++ b/ext/bs4/formatter.py
@@ -51,7 +51,7 @@ def __init__(
             void_element_close_prefix='/', cdata_containing_tags=None,
             empty_attributes_are_booleans=False, indent=1,
     ):
-        """Constructor.
+        r"""Constructor.
 
         :param language: This should be Formatter.XML if you are formatting
            XML markup and Formatter.HTML if you are formatting HTML markup.
@@ -76,7 +76,7 @@ def __init__(
             negative, or "" will only insert newlines. Using a
             positive integer indent indents that many spaces per
             level. If indent is a string (such as "\t"), that string
-            is used to indent each level. The default behavior to
+            is used to indent each level. The default behavior is to
             indent one space per level.
         """
         self.language = language
diff --git a/ext/bs4/tests/__init__.py b/ext/bs4/tests/__init__.py
index dbb1593e25..325affefcd 100644
--- a/ext/bs4/tests/__init__.py
+++ b/ext/bs4/tests/__init__.py
@@ -1105,7 +1105,7 @@ def test_find_by_prefixed_name(self):
         doc = """<?xml version="1.0" encoding="utf-8"?>
 <Document xmlns="http://example.com/ns0"
     xmlns:ns1="http://example.com/ns1"
-    xmlns:ns2="http://example.com/ns2"
+    xmlns:ns2="http://example.com/ns2">
     <ns1:tag>foo</ns1:tag>
     <ns1:tag>bar</ns1:tag>
     <ns2:tag key="value">baz</ns2:tag>
diff --git a/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-4670634698080256.testcase b/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-4670634698080256.testcase
new file mode 100644
index 0000000000..4828f8a423
--- /dev/null
+++ b/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-4670634698080256.testcase
@@ -0,0 +1 @@
+ ےے      ے <css
\ No newline at end of file
diff --git a/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5000587759190016.testcase b/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5000587759190016.testcase
new file mode 100644
index 0000000000000000000000000000000000000000..8a585ce9270e58b125922297f2d099298adac822
GIT binary patch
literal 15347
zcmeHOKW`H;6u+P#aRU+(18Xxd6l%E*Nl7L5s!A+KhygMnL5ETmLX<?PJyte0CL%rt
z-=T;FF(ENB@(ma&AtcP%XW#k$IriN-Z5rQDRTtmAzkcucp5K8Leqs6#I&Q)f4-I_O
zIvDI99UuDJZ~Pa?_l#cXYCv&3a@U3~o<MgULdR*i7*2k=T}T-UnIcQvU=5t``{84f
zd+p$Pvc40(C$YXK+yl`&?!oUK2>BVgZv$er@K!|sD^YeJSDOAWa&ttPlG6X?Atl{}
z^qDpjS}5Y|WIWoTq(csczd4*??66BhVoGhy6y1ZDBgWIhQ~nf$4?LB=<Nb%}>5tQo
zxX3XIMJ!OhCjE@@G@nnHL!!ULItAw?J4Na|Tz{fnYNoHpCUhroxQ^Xm|6~3AZ`jNU
z_1CN>Z8L2Ov5UvVto$ukPyf~8Z<hX~6#b3d_z%!{-yeAB1`9NMyM1qO&l7UOogAGQ
zl^=NtpQuazviVP&{%GvGqoG@0m>|ZG_z+Cw)}rtPVgJ$Y!^aQq_qB2x+d@%#VL&Ee
zscL#D6CO7NUrf^%e&SnKww(HyG#lR3!%5nHqKHLiq!Uq%XT(ATAI~R!c+#u~ktD)W
z#Z-lH42O%htTt3XpZZq_8E}9wb>zG-$Bf4}bwbGBM0e%#VflQ3>E%3$>n4SKSi0u<
zER%m$TsEp5i<T@}qHPTUEhcv7Ebk;C(4r;nDn&K*$l#AfOJ$o^7d%^Aw8TSNy1<xS
zG0dr8SS+*@!#|GTOrj-jJWfkHA62Nz@@R$kR3mm;GhIx2cS`krqFAWZ@Xr$?%~;qI
z)@Lkjo?OMOmU0=rxa{CdLrf1mK$<6$@>fAh3ZBVWkB$KNF37662`3#lv#vffpN$8m
zN~NsW&nsp9m$XI|Y?vkxR-@e#J2vfv={I9yD{8L>?bJ5jl{m^X>DgR>Pz4nzY55>9
zaJF$P4nM{r0N0v8sLEMw1+^QiLKN+(xQwxB!0bXrBv?Z{w${rqtoY4t<kH9HrRXnT
zlO}m&(S@HfY0e&L#UYME1nK^>O&Vk2ajs38ITfhY1|%rRV$pMf6PhuP>A~gb(by@6
zIYN?5j_g2E=LC?WXmn7m$gyJwVL_x)6E>WMna*0~7+ng6=am8TKe^U~eF_~XCRZkW
z#PW{M(|AZY!jT)*wowa!XyA7C+-+hS<O0pzCgh6E7!NxvFeZ~0IT>%aO@_kcpK7$)
zCWCD<@Kz>oC}@WX+hj0SGTJ5s9fT9I*)juIwVk>gO$LI&wIfvqDdYl5f{7)#xCTIF
z2SI2-qp#%56T}6sGt3_+us`Vd;ONzB-y@~Ll>LlA@XZVW@(&<po)i<m6QeRGDnY2v
z9OvIPm9G~S{BAYR@Bf;dq<)&MJwy4!@-P^w7NWDeR<#Pb!q4#9a1xy1MF!`$SwDuh
vw*VOhZ}-}FH@CJr!dFs#+J9^A-1d;;d}$CT0HEce@u9!JB7DdTdLH@@>R0YF

literal 0
HcmV?d00001

diff --git a/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5270998950477824.testcase b/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5270998950477824.testcase
new file mode 100644
index 0000000000000000000000000000000000000000..fd411427d765e9b17e1e6a015485a70632bb9554
GIT binary patch
literal 12
TcmY$eDbjbbRX@cb^ZOhC75W5K

literal 0
HcmV?d00001

diff --git a/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5375146639360000.testcase b/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5375146639360000.testcase
new file mode 100644
index 0000000000..6248b2c54f
--- /dev/null
+++ b/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5375146639360000.testcase
@@ -0,0 +1 @@
+ے                 ><applet></applet><applet></applet><apple|><applet><applet><appl›„><applet><applet></applet></applet></applet></applet><applet></applet><apple>t<applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet>et><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><azplet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><plet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet><applet></applet></applet></applet></applet></appt></applet></applet></applet></applet></applet></applet></applet></applet></applet></applet></applet></applet></applet></applet></applet></applet></applet></applet><<meta charset=utf-8>
\ No newline at end of file
diff --git a/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5492400320282624.testcase b/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-5492400320282624.testcase
new file mode 100644
index 0000000000000000000000000000000000000000..107da539fc15bd1664e35287ace9feda21cb5820
GIT binary patch
literal 11502
zcmeHNy>HV%6gOf+VqhSEDxuawNKi#?;xtXg#SCTdK!q3y#cd3AnkG&P3ldWY7XAYy
zCT0f2N_Q3{#Kh8pfq{iTAiQ_)?sEPrNt;$FI=4Ds&hO(s-o1P8XBP^E%c~a(bbUIR
z>pt6&8VYYetR1|1@3DT}-suHUu57m=zZDhNUbKCCoqp6en~h@8f`8Us?*#40@z@;v
zvWixx>qm8ug?`kSZAMZ199wmM)@|Fljl~QWU$J;93#i=Gnw~*BlHQ#|0?zbH*5<R>
zb%|;A>ykT1x$T5V0o|~j6!-jKFyP&Q0fx?{e_SD_qO!^BSE=P1b3*t-8C14p{iSNc
z2V3ItzI+T%ukbpRx(HH0EkaF-OQ}&>bS_;QQIeM5QcmbNA;V7VgCSi+Ka`)}b4~+u
zIOf`Y|F-|bcGS`*xVc><+HeK=DuR7kbb;M|VG*n$UVC7lv5TH2TY-e=Ct3={xQ+R4
zwyZppvo(W_ZxdtZ*><ik>Zz`2*oa8?n9GW;CglX<eyGQ0PVKU2(q=ZcJE6ydZqRz-
zKi4X+#RR9H9Nw~eZzUm#=pSmbb0pkiQRDH}dCLk~?Y(F=g0shC-To$UihEbyu@QcJ
z#JeJqRPwH<1s8ZVPMalAk^s*r@<vyj);Zhp`+QVdq15-i0J`}H#w9$_0fSZPKDa>x
z<}63=pqMsNj5^<?yO*3bMLgPcgJ%_kAx2&0v1cD7OW~vSh8Qvi$-9+R2>H-eT8Y@E
zP=-sP&U&-KBcEQhQFN;n4^K@xO-DQbCK=e7a4zp`HQ}5I=Oz-?nQ%^KGA3<_C5<L+
z$<OrkJbRks+d)PQtd4uVGR*-lhFnt?-I}yVH=eB2=)}{WDYS}sHe+%g%tRn<<(X>=
zlRW%*ktfj|g`Fl))G`RHqfkU^=K$nAEVm4Oss1xm@?`cmF%gp;&h|LjDKbyFFvm(o
zWHM`)cSw5|y>6c;zMKmSo<Xv}tt^ylWw%;gE-x&*wMx~6e|M=;U0ABPrKM`ETq;!-
zs|q&|GI1m5xKX+e3WSm&=)i)-gdow2A&KlWW~Xn2RIR&6_((BPUW{|F3kBYB0$c4K
zKpqxA9?$^}q-)vbq@~&=-6le32<gfQ&p^gQ<1p~z_^70T7jak1-7W9RyBx`P>Rv`l
zPeWS<Ud);&^2X`_$#&hb1<O9avSg>%fLuIZqeLOxJve;>FPgW-2pF5U#T0&+x5X53
zjQLv8ye*brDwwY#Fm>Y}L;QzdMc~-Z@auB}FN(+qLgC{?R>|o0jGKi4oeBP!uvKWO
zmx{C@5I3Jxz--`-k(ePz3Jtudax^kV11};Vc?{4p4le@a3||N1H!?MkT}(oo#aihv
D9d3o5

literal 0
HcmV?d00001

diff --git a/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-6306874195312640.testcase b/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-6306874195312640.testcase
new file mode 100644
index 0000000000..b60a250cad
--- /dev/null
+++ b/ext/bs4/tests/fuzz/clusterfuzz-testcase-minimized-bs4_fuzzer-6306874195312640.testcase
@@ -0,0 +1 @@
+-      ےے  <math><select><mi><select><select>t
\ No newline at end of file
diff --git a/ext/bs4/tests/fuzz/crash-ffbdfa8a2b26f13537b68d3794b0478a4090ee4a.testcase b/ext/bs4/tests/fuzz/crash-ffbdfa8a2b26f13537b68d3794b0478a4090ee4a.testcase
new file mode 100644
index 0000000000000000000000000000000000000000..885711554056588a381fd9a251d48ce76a916a59
GIT binary patch
literal 103
zcma!IT*$!C&%p3|?)u|48N3V(Hi{|v$wno$1*wb-3(;hvkz^S9^*|aEj@#ts@G|Jx
OROIF`00A~ppfmtd#~j4~

literal 0
HcmV?d00001

diff --git a/ext/bs4/tests/test_fuzz.py b/ext/bs4/tests/test_fuzz.py
index f778539a84..f29802d420 100644
--- a/ext/bs4/tests/test_fuzz.py
+++ b/ext/bs4/tests/test_fuzz.py
@@ -14,30 +14,75 @@
     BeautifulSoup,
     ParserRejectedMarkup,
 )
+try:
+    from soupsieve.util import SelectorSyntaxError
+    import lxml
+    import html5lib
+    fully_fuzzable = True
+except ImportError:
+    fully_fuzzable = False
+    
 
+@pytest.mark.skipif(not fully_fuzzable, reason="Prerequisites for fuzz tests are not installed.")
 class TestFuzz(object):
 
     # Test case markup files from fuzzers are given this extension so
     # they can be included in builds.
     TESTCASE_SUFFIX = ".testcase"
 
+    # Copied 20230512 from
+    # https://github.com/google/oss-fuzz/blob/4ac6a645a197a695fe76532251feb5067076b3f3/projects/bs4/bs4_fuzzer.py
+    #
+    # Copying the code lets us precisely duplicate the behavior of
+    # oss-fuzz.  The downside is that this code changes over time, so
+    # multiple copies of the code must be kept around to run against
+    # older tests. I'm not sure what to do about this, but I may
+    # retire old tests after a time.
+    def fuzz_test_with_css(self, filename):
+        data = self.__markup(filename)
+        parsers = ['lxml-xml', 'html5lib', 'html.parser', 'lxml']
+        try:
+            idx = int(data[0]) % len(parsers)
+        except ValueError:
+            return
+
+        css_selector, data = data[1:10], data[10:]
+
+        try:
+            soup = BeautifulSoup(data[1:], features=parsers[idx])
+        except ParserRejectedMarkup:
+            return
+        except ValueError:
+            return
+
+        list(soup.find_all(True))
+        try:
+            soup.css.select(css_selector.decode('utf-8', 'replace'))
+        except SelectorSyntaxError:
+            return
+        soup.prettify()
+    
     # This class of error has been fixed by catching a less helpful
     # exception from html.parser and raising ParserRejectedMarkup
     # instead.
     @pytest.mark.parametrize(
         "filename", [
             "clusterfuzz-testcase-minimized-bs4_fuzzer-5703933063462912",
+            "crash-ffbdfa8a2b26f13537b68d3794b0478a4090ee4a",
         ]
     )
     def test_rejected_markup(self, filename):
         markup = self.__markup(filename)
         with pytest.raises(ParserRejectedMarkup):
             BeautifulSoup(markup, 'html.parser')
-
+            
     # This class of error has to do with very deeply nested documents
     # which overflow the Python call stack when the tree is converted
     # to a string. This is an issue with Beautiful Soup which was fixed
     # as part of [bug=1471755].
+    #
+    # These test cases are in the older format that doesn't specify
+    # which parser to use or give a CSS selector.
     @pytest.mark.parametrize(
         "filename", [
             "clusterfuzz-testcase-minimized-bs4_fuzzer-5984173902397440",
@@ -46,18 +91,44 @@ def test_rejected_markup(self, filename):
             "clusterfuzz-testcase-minimized-bs4_fuzzer-6450958476902400",
         ]
     )
-    def test_deeply_nested_document(self, filename):
+    def test_deeply_nested_document_without_css(self, filename):
         # Parsing the document and encoding it back to a string is
         # sufficient to demonstrate that the overflow problem has
         # been fixed.
         markup = self.__markup(filename)
         BeautifulSoup(markup, 'html.parser').encode()
 
+    # This class of error has to do with very deeply nested documents
+    # which overflow the Python call stack when the tree is converted
+    # to a string. This is an issue with Beautiful Soup which was fixed
+    # as part of [bug=1471755].
+    @pytest.mark.parametrize(
+        "filename", [
+            "clusterfuzz-testcase-minimized-bs4_fuzzer-5000587759190016",
+            "clusterfuzz-testcase-minimized-bs4_fuzzer-5375146639360000",
+            "clusterfuzz-testcase-minimized-bs4_fuzzer-5492400320282624",
+        ]
+    )
+    def test_deeply_nested_document(self, filename): 
+       self.fuzz_test_with_css(filename)
+        
+    @pytest.mark.parametrize(
+        "filename", [
+            "clusterfuzz-testcase-minimized-bs4_fuzzer-4670634698080256",
+            "clusterfuzz-testcase-minimized-bs4_fuzzer-5270998950477824",
+        ]
+    )
+    def test_soupsieve_errors(self, filename):
+        self.fuzz_test_with_css(filename)
+        
     # This class of error represents problems with html5lib's parser,
     # not Beautiful Soup. I use
     # https://github.com/html5lib/html5lib-python/issues/568 to notify
     # the html5lib developers of these issues.
-    @pytest.mark.skip("html5lib problems")
+    #
+    # These test cases are in the older format that doesn't specify
+    # which parser to use or give a CSS selector.
+    @pytest.mark.skip(reason="html5lib-specific problems")
     @pytest.mark.parametrize(
         "filename", [
             # b"""أ؟<!DOCTyPEV PUBLIC'''أگ'"""
@@ -68,7 +139,7 @@ def test_deeply_nested_document(self, filename):
 
             # b'-<math><sElect><mi><sElect><sElect>'
             "clusterfuzz-testcase-minimized-bs4_fuzzer-5843991618256896",
-
+           
             # b'أ±<table><svg><html>'
             "clusterfuzz-testcase-minimized-bs4_fuzzer-6241471367348224",
 
@@ -79,10 +150,24 @@ def test_deeply_nested_document(self, filename):
             "crash-0d306a50c8ed8bcd0785b67000fcd5dea1d33f08"
         ]
     )
-    def test_html5lib_parse_errors(self, filename):
+    def test_html5lib_parse_errors_without_css(self, filename):
         markup = self.__markup(filename)
         print(BeautifulSoup(markup, 'html5lib').encode())
 
+    # This class of error represents problems with html5lib's parser,
+    # not Beautiful Soup. I use
+    # https://github.com/html5lib/html5lib-python/issues/568 to notify
+    # the html5lib developers of these issues.
+    @pytest.mark.skip(reason="html5lib-specific problems")
+    @pytest.mark.parametrize(
+        "filename", [
+            # b'-      \xff\xff  <math>\x10<select><mi><select><select>t'
+            "clusterfuzz-testcase-minimized-bs4_fuzzer-6306874195312640",
+        ]
+    )
+    def test_html5lib_parse_errors(self, filename):
+        self.fuzz_test_with_css(filename)
+        
     def __markup(self, filename):
         if not filename.endswith(self.TESTCASE_SUFFIX):
             filename += self.TESTCASE_SUFFIX
diff --git a/ext/bs4/tests/test_tag.py b/ext/bs4/tests/test_tag.py
index 88cc202d70..c48f334567 100644
--- a/ext/bs4/tests/test_tag.py
+++ b/ext/bs4/tests/test_tag.py
@@ -219,3 +219,16 @@ def test_customization(self):
         )
         assert soup.a['class'] == 'foo'
         assert soup.a['id'] == ['bar']
+
+    def test_hidden_tag_is_invisible(self):
+        # Setting .hidden on a tag makes it invisible in output, but
+        # leaves its contents visible.
+        #
+        # This is not a documented or supported feature of Beautiful
+        # Soup (e.g. NavigableString doesn't support .hidden even
+        # though it could), but some people use it and it's not
+        # hurting anything to verify that it keeps working.
+        #
+        soup = self.soup('<div id="1"><span id="2">a string</span></div>')
+        soup.span.hidden = True
+        assert '<div id="1">a string</div>' == str(soup.div)
diff --git a/ext/readme.md b/ext/readme.md
index 68f8cafe0a..650601f1b8 100644
--- a/ext/readme.md
+++ b/ext/readme.md
@@ -5,7 +5,7 @@ ext | **`adba`** | pymedusa/[37b0c74](https://github.com/pymedusa/adba/tree/37b0
 ext | `appdirs` | [1.4.3](https://pypi.org/project/appdirs/1.4.3/) | `simpleanidb`, `subliminal` (cli only) | File: `appdirs.py`
 ext | `attrs` | [18.2.0](https://pypi.org/project/attrs/18.2.0/) | `imdbpie` | Module: `attr`
 ext | **`babelfish`** | [0.6.0](https://pypi.org/project/babelfish/0.6.0/) | **`medusa`**, `guessit`, `knowit`, `subliminal` | -
-ext | `beautifulsoup4` | [4.12.2](https://pypi.org/project/beautifulsoup4/4.12.2/) | **`medusa`**, `subliminal` | Module: `bs4`
+ext | `beautifulsoup4` | [4.12.3](https://pypi.org/project/beautifulsoup4/4.12.3/) | **`medusa`**, `subliminal` | Module: `bs4`
 ext | `bencode.py` | [4.0.0](https://pypi.org/project/bencode.py/4.0.0/) | **`medusa`** | Modules: `bencodepy`, `bencode`<br>Monkey-patched, see `medusa/init/__init__.py`
 ext | **`boto`** | [2.48.0](https://pypi.org/project/boto/2.48.0/) | `imdbpie` | -
 ext | `CacheControl` | [0.13.1](https://pypi.org/project/CacheControl/0.13.1/) | **`medusa`** | Module: `cachecontrol`