Bumps [unorm](https://github.com/walling/unorm) from 1.4.1 to 1.5.0.
- [Release notes](https://github.com/walling/unorm/releases)
- [Commits](https://github.com/walling/unorm/compare/v1.4.1...v1.5.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

* Remove Google Plus share options from the client

- Google Plus is shutting down, so remove share icons for it from the
  client
- Add padding around remaining icons in annotation share dialog and
  spacer after "Share" label to avoid having too much space between
  icons

Fixes https://github.com/hypothesis/product-backlog/issues/947

* Update icon font to remove Google+ icons

Remove the Google+ icons and regenerate the icon font using the Icomoon
app, following the process described in src/styles/vendor/ICOMOON.md.

In the process I had to select the option in the Icomoon UI to remove
custom colors from many of the icons. In the client the
`h-icon-*::before` selectors should specify only the font to use and
content to show but not a color. The color is inherited from the parent
elements. I believe this is necessary because it has been a long time
since the icon font was last updated and the Icomoon app has evolved
since then.

* Add notes about how to update or remove icons from the icon font

Avoid using build executor while waiting for deployment confirmation

Bump @octokit/rest from 16.15.0 to 16.16.0

Bump eslint from 5.14.0 to 5.14.1

Bump sinon from 7.2.3 to 7.2.4

Bump gulp-sourcemaps from 2.6.4 to 2.6.5

Bump mocha from 5.2.0 to 6.0.0

Within a `node` block, `return` will just stop the sequence of steps
within that block, not the whole pipeline.

Bumps [eslint](https://github.com/eslint/eslint) from 5.14.0 to 5.14.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v5.14.0...v5.14.1)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [@octokit/rest](https://github.com/octokit/rest.js) from 16.15.0 to 16.16.0.
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](https://github.com/octokit/rest.js/compare/v16.15.0...v16.16.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [sinon](https://github.com/sinonjs/sinon) from 7.2.3 to 7.2.4.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v7.2.3...v7.2.4)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [gulp-sourcemaps](https://github.com/gulp-sourcemaps/gulp-sourcemaps) from 2.6.4 to 2.6.5.
- [Release notes](https://github.com/gulp-sourcemaps/gulp-sourcemaps/releases)
- [Commits](https://github.com/gulp-sourcemaps/gulp-sourcemaps/compare/v2.6.4...v2.6.5)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [mocha](https://github.com/mochajs/mocha) from 5.2.0 to 6.0.0.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v5.2.0...v6.0.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

The Jenkinsfile previously has this structure:

```
node {
  // Do checkout, run tests etc.
  ...
  stage('Deploy to prod') {
    input(message: "Deploy to prod")
  }
}
```

While any steps inside the `node` block are running or waiting, the pipeline
will consume a build executor slot. If several client builds were waiting for
manual input, this could prevent other Jenkins jobs from running.

This commit restructures the Jenkinsfile like so:

```
node {
  // Do checkout, run tests etc.
}

stage('Deploy to prod') {
  input(message: 'Deploy to prod?')
  node {
    // Do the deployment
  }
}

As a result, a client build waiting to be deployed to production will no longer
consume a build executor slot.

See also the "7. Don't: Use input within a node" tip in [1]

Fixes #955

[1] https://www.cloudbees.com/blog/top-10-best-practices-jenkins-pipeline-plugin

Bump eslint from 5.13.0 to 5.14.0

Bump @babel/core from 7.2.2 to 7.3.3

Merge pull request #951 from hypothesis/dependabot/npm_and_yarn/karma-coverage-istanbul-reporter-2.0.5

Bump karma-coverage-istanbul-reporter from 2.0.4 to 2.0.5

Bump babel-plugin-istanbul from 5.1.0 to 5.1.1

Bumps [eslint](https://github.com/eslint/eslint) from 5.13.0 to 5.14.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v5.13.0...v5.14.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [@babel/core](https://github.com/babel/babel) from 7.2.2 to 7.3.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.2.2...v7.3.3)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [babel-plugin-istanbul](https://github.com/istanbuljs/babel-plugin-istanbul) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/istanbuljs/babel-plugin-istanbul/releases)
- [Changelog](https://github.com/istanbuljs/babel-plugin-istanbul/blob/master/CHANGELOG.md)
- [Commits](https://github.com/istanbuljs/babel-plugin-istanbul/compare/v5.1.0...v5.1.1)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [karma-coverage-istanbul-reporter](https://github.com/mattlewis92/karma-coverage-istanbul-reporter) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/mattlewis92/karma-coverage-istanbul-reporter/releases)
- [Changelog](https://github.com/mattlewis92/karma-coverage-istanbul-reporter/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mattlewis92/karma-coverage-istanbul-reporter/compare/v2.0.4...v2.0.5)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Update LICENSE file

* Add isScopedToUri property based on group scope

CombinedGroups now takes into account the scoping of groups and adds
an isScopedToUri property to each group indicating whether is can be
annotated in at the provided uri based on its defined scope.

* Provide scope info and page's uri to combineGroups

Get the scope info for each group by passing expand: scopes in the group
api requests. Pass the documentUri to the CombineGroup function as it needs
this in order to determine which groups are scoped to the page's uri.

* Remove endefined checking logic

Bump core-js from 2.6.4 to 2.6.5

Bumps [core-js](https://github.com/zloirock/core-js) from 2.6.4 to 2.6.5.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/v2.6.5/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/compare/v2.6.4...v2.6.5)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bump eslint-plugin-mocha from 5.2.1 to 5.3.0

Bumps [eslint-plugin-mocha](https://github.com/lo1tuma/eslint-plugin-mocha) from 5.2.1 to 5.3.0.
- [Release notes](https://github.com/lo1tuma/eslint-plugin-mocha/releases)
- [Changelog](https://github.com/lo1tuma/eslint-plugin-mocha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lo1tuma/eslint-plugin-mocha/compare/5.2.1...5.3.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

[Security] Bump handlebars from 4.0.12 to 4.1.0

- Update the copyright year

- Remove copyright notices for code which is no longer vendored into the
  source tree but instead fetched from npm. In those cases the npm
  package includes machine-readable license metadata.

  I left the "annotator" notice because we still have some code derived from
  Annotator.js in the source tree, even though much of it has been
  replaced.

See also https://github.com/hypothesis/h/pull/5537

Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.0.12 to 4.1.0. **This update includes security fixes.**
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/wycats/handlebars.js/blob/v4.1.0/release-notes.md)
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.0.12...v4.1.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bump codecov from 3.1.0 to 3.2.0

Bumps [codecov](https://github.com/codecov/codecov-node) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/codecov/codecov-node/releases)
- [Commits](https://github.com/codecov/codecov-node/commits)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Use token instead of store.profile to calc isLoggedIn

* Support filtering annotations by display name

Allow `user:{term}` filters in the search bar to match display names as
well as usernames.

I have allowed for annotations having no `user_info` field as with other
code in the client that handles annotation objects. However "h" will always
populate that field currently.

Fixes https://github.com/hypothesis/product-backlog/issues/943

* Add tests to clarify how quotes are handled in filter query parsing

This came out of a Slack discussion [1] about how the client handles
quoted and unquoted terms in filter queries.

[1] https://hypothes-is.slack.com/archives/C4K6M7P5E/p1549466094062700

* Test that all matching annotations are returned for "user" queries

Respond to CR feedback to extend the current set of tests for "user"
queries.

Add custom client version header to api requests

Bump aws-sdk from 2.398.0 to 2.400.0

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.398.0 to 2.400.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.398.0...v2.400.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>