Bump npm-packlist from 1.4.6 to 2.0.1

Bump @sentry/browser from 5.7.1 to 5.9.0

Bump sass from 1.23.3 to 1.23.6

Bump commander from 3.0.2 to 4.0.1

Bumps [sass](https://github.com/sass/dart-sass) from 1.23.3 to 1.23.6.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.23.3...1.23.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 5.7.1 to 5.9.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/5.7.1...5.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.556.0 to 2.573.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.556.0...v2.573.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [npm-packlist](https://github.com/npm/npm-packlist) from 1.4.6 to 2.0.1.
- [Release notes](https://github.com/npm/npm-packlist/releases)
- [Commits](https://github.com/npm/npm-packlist/compare/v1.4.6...v2.0.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [@octokit/rest](https://github.com/octokit/rest.js) from 16.34.0 to 16.35.0.
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](https://github.com/octokit/rest.js/compare/v16.34.0...v16.35.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Add changeFocusModeUser action

- Edit `cross-origin-rpc.js` server to be able to call actions.
- Add registerMethods rpc whitelist mapping function

Add hook to tell an element to close if interactions happen outside of it

Prevent errors arising from applying private permissions to anonymous annotations

As a convenience, the app retains the last permissions level used by a user when publishing an annotation. For example, if a user creates and saves and annotation that is set to “only me”/private, the app stashes that as a pseudo-preference in `localStorage` and the next time a user creates a new annotation, that will be the default permissions level applied to it. This makes it easier to create several subsequent annotations that have the same permissions/sharing setting.

There is a bug in this approach, however, which before this patch happened when:

* A Hypothesis user creates an annotation and sets the permissions to “private” (only me) and saves the annotation successfully to the `h` service, then;
* The Hypothesis user logs out, then;
* The same person in the same browser (now an anonymous user from Hypothesis’ perspective) selects some text and clicks “annotate., then;
* The user is shown an error message that they must log in to create annotations: they click “Log In”

Before this fix, the user then would see an error “Cannot read property ‘split’ of null” in an error flash and the login process would not successfully complete. The only workaround was to reload the browser window and try again.

After this fix, the user will not see an error after the sequence detailed above and the login process will complete.

This fix is achieved by preventing the app from attempting to apply default permissions of “only me”/private when no `userid` is available. Doing so creates corrupted permissions on the annotation which throw `TypeError`s when later iterated over.

There are several further fixes necessary to fully clean up this situation, but this patches over the immediate user-visible bug.

Fixes https://github.com/hypothesis/client/issues/1221

Bump autoprefixer from 9.7.0 to 9.7.1

Clean up `TopBar`: CSS, ARIA

Add Copy-version-details to help panel; tighten design/layout

Bump showdown from 1.9.0 to 1.9.1

Bump sass from 1.23.1 to 1.23.3

Bump preact from 10.0.4 to 10.0.5

Bumps [preact](https://github.com/preactjs/preact) from 10.0.4 to 10.0.5.
- [Release notes](https://github.com/preactjs/preact/releases)
- [Commits](https://github.com/preactjs/preact/compare/10.0.4...10.0.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump prettier from 1.18.2 to 1.19.1

Bumps [@babel/preset-env](https://github.com/babel/babel) from 7.6.3 to 7.7.1.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.6.3...v7.7.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Merge pull request #1490 from hypothesis/dependabot/npm_and_yarn/babel-plugin-mockable-imports-1.5.2

Bumps [@babel/preset-react](https://github.com/babel/babel) from 7.6.3 to 7.7.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.6.3...v7.7.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [babel-plugin-mockable-imports](https://github.com/robertknight/babel-plugin-mockable-imports) from 1.5.1 to 1.5.2.
- [Release notes](https://github.com/robertknight/babel-plugin-mockable-imports/releases)
- [Changelog](https://github.com/robertknight/babel-plugin-mockable-imports/blob/master/CHANGELOG.md)
- [Commits](https://github.com/robertknight/babel-plugin-mockable-imports/compare/v1.5.1...v1.5.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.7.0 to 9.7.1.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/9.7.0...9.7.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [showdown](https://github.com/showdownjs/showdown) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/showdownjs/showdown/releases)
- [Changelog](https://github.com/showdownjs/showdown/blob/1.9.1/CHANGELOG.md)
- [Commits](https://github.com/showdownjs/showdown/compare/1.9.0...1.9.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [sass](https://github.com/sass/dart-sass) from 1.23.1 to 1.23.3.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.23.1...1.23.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [@babel/core](https://github.com/babel/babel) from 7.6.4 to 7.7.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.6.4...v7.7.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [prettier](https://github.com/prettier/prettier) from 1.18.2 to 1.19.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/master/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/1.18.2...1.19.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>