Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 6.3.6 to 6.4.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.3.6...6.4.0)
Signed-off-by: dependabot[bot] <support@github.com>

- Observe changes in `enable-annotation` attribute. Currently, if an
  existing iframe adds the attribute it won't be detected.

- `sidebar` or `notebook` iframes are shadow DOMed so they are not
  returned by `querySelector...` or `getElement...` (from elements
  outside the shadow root). Therefore, it is not necessary to filter
  these iframes out.

Specify the type of `window.PDFViewerApplication` in src/types/pdfjs.js
add various missing properties required by `PDFIntegration` as well as
adding checks for potentially null/undefined values that were missing
previously.

 - Add a fallback for older versions of PDF.js where `PDFViewerApplication`
   did not have an `appConfig` property [1]
 - Add a missing check for `getPageView` returning `null`

Fixes https://github.com/hypothesis/product-backlog/issues/1205

[1] The property was introduced in https://github.com/mozilla/pdf.js/commit/b6c74f20561b04573cd00dd924484be7f80a09ce

Add a temporary class name prefix to the local `Panel` component styles.

This will avoid conflicts with the styling for the new `Panel` component
in the `frontend-shared` package.

In the future:

* This local `Panel` will be supplanted by the shared variant, and
* Shared component classnames will be prefixed to avoid future conflicts

All of the components use selector methods now instead of accessing the
store's internal state directly.

Remove the last remaining usage of `store.getState()` outside of the
store implementation in favor of the `store.allAnnotations()` selector
method.

This allows simplifying the state structure in the fake store that the
`FrameSyncService` tests create.

Convert the `store/index.js` and `store/create-store.js` modules to use
named rather than default exports per our current conventions, and
revise the documentation.

The goal of the revised documentation is to more clearly describe what the
store is and how it is used within the sidebar/notebook app, assuming
that the reader is likely have at least some familiarity with Redux (or
can read the "Introduction" section of the linked website if not). In
particular I have tried to convey:

 - The separation between the "base" `createStore` function which is not
   application-specific and the `createSidebarStore` function and the
   modules it uses which are
 - How the store in the sidebar app differs from a standard/base Redux store
 - Best practices around using the store from other parts of the app
   (use `useStoreProxy` in UI components, use selector and action
   methods rather than `getState` and `dispatch`)

Replace the usage of `document.title` as a way to get the document title
if the PDF has no embedded title in either its _document info
dictionary_ or _metadata stream_.

In top-level frames using `document.title` (where `document` is the
global HTML document, not the PDF) works because PDF.js sets the title
based on the first non-empty value from:

 1. The embedded title
 2. The filename from the `Content-Disposition` header
 3. The last segment of the URL's path (eg. "test.pdf" in
    "https://example.com/test.pdf")

When PDF.js is embedded in an iframe however, it does not set
`document.title` by default. As a result, documents were ending up in
Hypothesis with a generic "PDF.js viewer" title.

This commit implements (roughly) the same logic that PDF.js uses to
determine the value used to set `document.title`, in the case where the
PDF has no embedded title. This means implementing steps (2) and (3)
from the above list. The `Content-Disposition` filename is not exposed
as a public property on `PDFViewerApplication`, so
`PDFMetadata#getMetadata` was refactored to call the
`pdfDocument.getMetadata` instead.

Fixes https://github.com/hypothesis/client/issues/3372

I ignored one path that is only used in local development.

Part of https://github.com/hypothesis/client/issues/3298

Convert the `streamer` service to an ES class, modernize the code
(functions => arrow functions, Promise chains => async/await) and
improve the class documentation. There are no significant changes to the internal
logic or API.

This makes it more obvious what is going on at a glance. Refactoring the
code in this way revealed to TS a hazard where `newGroupId` could, at
least based only on local reasoning, be null. In practice this shouldn't
happen due to the contexts when the method is called, but I've added a
check to be safe and keep TS happy.

Re-order the arguments based on an alphabetic sorting of the `@param`
lines, which results in sorting by import path. This will make it more obvious
where to slot in any new dependencies in future. Also sort the field
initialization to match.

 - Convert the `groups` service to an ES class and the many closures in
   the constructor to private or public methods.

 - Remove the unused `all` and `get` methods of the groups service.
   These were trivial wrappers around store methods. UI components
   should use the store methods directly.

 - Clarify what a "non-file URL" means and add an additional test case
   for HTTPS URLs
 - Add a comment to clarify the precedence order of titles. The tests
   could more directly check that the expected precedence order is
   respected, but the logic here is expected to change very soon, so
   just add a comment for now.

Convert remaining promise chains in `PDFMetadata` tests to async/await.

 - Convert promise chains to async/await

 - Add missing tests to check that the PDF URL and fingerprint URL
   appear in the object returned by `getMetadata`. These were previously
   tested indirectly in other tests.

 - Change tests to only check the specific properties of the returned
   object that are of interest. This reduces the changes needed when
   tests change unrelated parts of the output.

Refactor the setup steps in PDFMetadata tests to make it easier
to customize the PDF metadata exposed by the fake PDF.js environment.
Instead of creating a fake `PDFViewerApplication` and `PDFMetadata`
instance before each test, provide a helper function that creates both
using the provided metadata.

Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 6.3.5 to 6.3.6.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/6.3.5...6.3.6)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [prettier](https://github.com/prettier/prettier) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/2.2.1...2.3.0)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [katex](https://github.com/KaTeX/KaTeX) from 0.13.5 to 0.13.9.
- [Release notes](https://github.com/KaTeX/KaTeX/releases)
- [Changelog](https://github.com/KaTeX/KaTeX/blob/master/CHANGELOG.md)
- [Commits](https://github.com/KaTeX/KaTeX/compare/v0.13.5...v0.13.9)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [codecov](https://github.com/codecov/codecov-node) from 3.8.1 to 3.8.2.
- [Release notes](https://github.com/codecov/codecov-node/releases)
- [Changelog](https://github.com/codecov/codecov-node/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-node/compare/v3.8.1...v3.8.2)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) from 7.14.0 to 7.14.1.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.14.1/packages/babel-preset-env)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [postcss](https://github.com/postcss/postcss) from 8.2.13 to 8.2.14.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.2.13...8.2.14)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.897.0 to 2.903.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.897.0...v2.903.0)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [eslint-config-hypothesis](https://github.com/hypothesis/frontend-toolkit) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/hypothesis/frontend-toolkit/releases)
- [Commits](https://github.com/hypothesis/frontend-toolkit/commits)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [gulp-replace](https://github.com/lazd/gulp-replace) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/lazd/gulp-replace/releases)
- [Commits](https://github.com/lazd/gulp-replace/compare/v1.1.2...v1.1.3)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [mocha](https://github.com/mochajs/mocha) from 8.3.2 to 8.4.0.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v8.3.2...v8.4.0)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [eslint](https://github.com/eslint/eslint) from 7.25.0 to 7.26.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v7.25.0...v7.26.0)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [puppeteer](https://github.com/puppeteer/puppeteer) from 9.0.0 to 9.1.1.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md)
- [Commits](https://github.com/puppeteer/puppeteer/compare/v9.0.0...v9.1.1)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [npm-packlist](https://github.com/npm/npm-packlist) from 2.1.5 to 2.2.2.
- [Release notes](https://github.com/npm/npm-packlist/releases)
- [Commits](https://github.com/npm/npm-packlist/compare/v2.1.5...v2.2.2)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) from 3.11.2 to 3.12.1.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/commits/v3.12.1/packages/core-js)
Signed-off-by: dependabot[bot] <support@github.com>

I removed a @ts-expect-error and tight some types.

I remove the returned `provider` property from the
`authStateFromProfile` function as it was not used.

Bumps [ua-parser-js](https://github.com/faisalman/ua-parser-js) from 0.7.23 to 0.7.28.
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Commits](https://github.com/faisalman/ua-parser-js/compare/0.7.23...0.7.28)
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.8...v2.8.9)
Signed-off-by: dependabot[bot] <support@github.com>

This ensures that the component doesn't attempt to call the prop and use
the result.

As noted in PR review, checking for a valid annotation first seems more
sensible.