Bumps [terser](https://github.com/terser/terser) from 4.6.13 to 4.7.0.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v4.6.13...v4.7.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: Kyle Keating <kkeating@hypothes.is>

Co-authored-by: Kyle Keating <kkeating@hypothes.is>

* Add `aria-expanded` to sidebar show/hide button

* Add axe test to annotator toolbar component
Co-authored-by: Kyle Keating <kkeating@hypothes.is>

Use `aria-expanded` instead of `aria-pressed` per a11y audit

Replace the `BEFORE_ANNOTATION_CREATED` event

 - Move a comment down to the `useEffect` call it referred to
 - Reword the note about what happens when there are multiple unsaved
   annotations and the newest one is removed or saved

Remove redundant “Select” and “tabs” verbiage

It is possible for multiple unsaved annotations to exist if a user
creates a new annotation, enters some text but does not save, and then
creates another new annotation. In this case, make the thread list
always scroll to the newest. A side effect of the implementation is that
if this second annotation is then deleted or saved, the thread list will
scroll back to the previous unsaved annotation. This behavior seems
useful, so I've kept it.

The `BEFORE_ANNOTATION_CREATED` event was used for two purposes:

 1. Invoke `annotationsService.create(...)` to create the annotation in
    the sidebar.
 2. Scroll the newly created annotation into view

Resolve (1) by calling `annotationsService.create` directly from the
`frameSync` service and resolve (2) by watching for changes to
`unsavedAnnotations()` in the store and scrolling to the new annotation
when it appears.

There is one functional change which is that replies will be scrolled
into view, as this seems like a useful behavior if the user clicks the
"Reply" button for a thread and the input field appears below the bottom
of the screen.

Improve loading state for LMS, all users

Make fetch exceptions consistent and filter them from Sentry

Improve handling of annotation fetch error in single annotation view

Previously if the user visited a `/a/<ID>` URL and the request to fetch
the annotation failed with a 404 then the user would see a blank page.
If the fetch failed because the annotation was private, logging in did
not cause the annotation to be fetched.

This commit resolves the two issues:

 - When the logged-in user changes, re-fetch the annotation
 - If the annotation fetch fails, an "Annotation unavailable" message is
   shown. This currently repurposes the error that is shown when a
   direct-linked annotation fetch fails, but without the "Clear
   selection" button.

This commit also fixes an issue where a direct link to a group that
could not be fetched would show a "Clear selection" button even though
there was no active selection to clear. That button is only needed when
following a direct link to an annotation.

For the places in the application that we care about whether “things are
currently loading”, whether annotations have ever been fetched is relevant.
Consider the application to be loading if there are any in-flight API
requests OR annotations have never been successfully loaded.

Fixes #2018

Different browsers format Fetch errors differently; give them some
sort of consistency by re-throwing something with a common string.

This will allows us to filter out fetch errors from sentry logging,
as well.

Consolidate CSS font rules in `annotator` SCSS

Bumps [@octokit/rest](https://github.com/octokit/rest.js) from 17.6.0 to 17.9.1.
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](https://github.com/octokit/rest.js/compare/v17.6.0...v17.9.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump chance from 1.1.4 to 1.1.5

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.673.0 to 2.679.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.673.0...v2.679.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump puppeteer from 3.0.4 to 3.1.0

Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.19.0 to 7.20.0.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.19.0...v7.20.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [puppeteer](https://github.com/puppeteer/puppeteer) from 3.0.4 to 3.1.0.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Commits](https://github.com/puppeteer/puppeteer/compare/v3.0.4...v3.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump karma from 5.0.5 to 5.0.8

Bump fetch-mock from 9.5.1 to 9.9.0

Bump codecov from 3.6.5 to 3.7.0

Bump autoprefixer from 9.7.6 to 9.8.0

Fix race condition and error handling when fetching groups in LMS app

Groups have two kinds of ID - the one auto-generated by h and optionally
the one supplied by the authority that created the group. The service
config can specify which groups to show using either kind.

Restore document metadata to annotation cards

Rework fetching of groups specified in the client's settings to first
fetch all the groups that the user is a member of and then only make
separate API calls to fetch groups specified in the configuration which
are not in that list.

In the case of the LMS app, which is the main use case for this setting,
this reduces the load on the backend by only making one request to fetch
an LMS user's groups rather than one per course section.

In the process the existing parameterized test was split into separate
tests since the logic for each case was sufficiently different that it
made more sense.

Bumps [codecov](https://github.com/codecov/codecov-node) from 3.6.5 to 3.7.0.
- [Release notes](https://github.com/codecov/codecov-node/releases)
- [Commits](https://github.com/codecov/codecov-node/compare/v3.6.5...v3.7.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.7.6 to 9.8.0.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/9.7.6...9.8.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [karma](https://github.com/karma-runner/karma) from 5.0.5 to 5.0.8.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v5.0.5...v5.0.8)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [chance](https://github.com/chancejs/chancejs) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/chancejs/chancejs/releases)
- [Commits](https://github.com/chancejs/chancejs/compare/1.1.4...1.1.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>