Our scripting automatically installs tox in pyenv so you don't have to
install tox manually or system-wide. Unfortunately it wasn't working:
the installed tox doesn't appear on your PATH until you run a
`pyenv rehash`

Improve loading state for LMS, all users

Make fetch exceptions consistent and filter them from Sentry

Improve handling of annotation fetch error in single annotation view

Previously if the user visited a `/a/<ID>` URL and the request to fetch
the annotation failed with a 404 then the user would see a blank page.
If the fetch failed because the annotation was private, logging in did
not cause the annotation to be fetched.

This commit resolves the two issues:

 - When the logged-in user changes, re-fetch the annotation
 - If the annotation fetch fails, an "Annotation unavailable" message is
   shown. This currently repurposes the error that is shown when a
   direct-linked annotation fetch fails, but without the "Clear
   selection" button.

This commit also fixes an issue where a direct link to a group that
could not be fetched would show a "Clear selection" button even though
there was no active selection to clear. That button is only needed when
following a direct link to an annotation.

For the places in the application that we care about whether “things are
currently loading”, whether annotations have ever been fetched is relevant.
Consider the application to be loading if there are any in-flight API
requests OR annotations have never been successfully loaded.

Fixes #2018

Different browsers format Fetch errors differently; give them some
sort of consistency by re-throwing something with a common string.

This will allows us to filter out fetch errors from sentry logging,
as well.

Consolidate CSS font rules in `annotator` SCSS

Bumps [@octokit/rest](https://github.com/octokit/rest.js) from 17.6.0 to 17.9.1.
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](https://github.com/octokit/rest.js/compare/v17.6.0...v17.9.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump chance from 1.1.4 to 1.1.5

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.673.0 to 2.679.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.673.0...v2.679.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump puppeteer from 3.0.4 to 3.1.0

Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.19.0 to 7.20.0.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.19.0...v7.20.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [puppeteer](https://github.com/puppeteer/puppeteer) from 3.0.4 to 3.1.0.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Commits](https://github.com/puppeteer/puppeteer/compare/v3.0.4...v3.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump karma from 5.0.5 to 5.0.8

Bump fetch-mock from 9.5.1 to 9.9.0

Bump codecov from 3.6.5 to 3.7.0

Bump autoprefixer from 9.7.6 to 9.8.0

Fix race condition and error handling when fetching groups in LMS app

Groups have two kinds of ID - the one auto-generated by h and optionally
the one supplied by the authority that created the group. The service
config can specify which groups to show using either kind.

Restore document metadata to annotation cards

Rework fetching of groups specified in the client's settings to first
fetch all the groups that the user is a member of and then only make
separate API calls to fetch groups specified in the configuration which
are not in that list.

In the case of the LMS app, which is the main use case for this setting,
this reduces the load on the backend by only making one request to fetch
an LMS user's groups rather than one per course section.

In the process the existing parameterized test was split into separate
tests since the logic for each case was sufficiently different that it
made more sense.

Bumps [codecov](https://github.com/codecov/codecov-node) from 3.6.5 to 3.7.0.
- [Release notes](https://github.com/codecov/codecov-node/releases)
- [Commits](https://github.com/codecov/codecov-node/compare/v3.6.5...v3.7.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.7.6 to 9.8.0.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/9.7.6...9.8.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [karma](https://github.com/karma-runner/karma) from 5.0.5 to 5.0.8.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v5.0.5...v5.0.8)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [chance](https://github.com/chancejs/chancejs) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/chancejs/chancejs/releases)
- [Commits](https://github.com/chancejs/chancejs/compare/1.1.4...1.1.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [fetch-mock](https://github.com/wheresrhys/fetch-mock) from 9.5.1 to 9.9.0.
- [Release notes](https://github.com/wheresrhys/fetch-mock/releases)
- [Commits](https://github.com/wheresrhys/fetch-mock/compare/v9.5.1...v9.9.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Minimize the font rules to the minimum and adjust related rules

Part of #2165

When the LMS app starts it loads Via and the client concurrently with
creating the group(s) for the current course/sections and provides the
groups to the client asynchronously when ready.

Previously when loading groups in this context the client would fetch
groups from h, then wait for the group IDs to be returned from the LMS
app and filter the list of loaded groups by those IDs. There was a race
condition here in that the client may end up fetching groups from h
before they have been created by the LMS backend.

Additionally the error handling was poor if some or all of the group IDs
returned LMS app failed to load. The user could see just a blank state
with no error notice.

This PR resolves these issues by splitting the `groups.load()` method which
is called on startup to load groups into two separate code paths, one
for the case where the annotation service configures the client to load
specific groups and the other for the default case where the client
loads groups associated with the current user, current document and
direct links.

When specific groups are configured, the client will wait for those IDs
to be available before loading only those groups from the API. If some
of the groups fail to load, an error notice will be shown but any other
groups which did load will still be shown.

A potential issue with this new approach is that we are making one HTTP
request per group to load, although all requests happen concurrently and
we are using HTTP/2. This may be slower if there are a large number of groups.

Fixes #2162

Change the client RPC request to optionally bypass the timeout. There could be a case where it's waiting for user input to proceed with authorization and could take any number of seconds.

Hide menu item toggle button if there are no items

Pass undefined to MenuItem to hide the submenu and its toggle button.

Add negative top margin to “show x more in conversation” buttons

Focus first item in menu when opened by any input method

Remove unused annotator CSS

Bump fetch-mock from 9.4.0 to 9.5.1

Merge pull request #2144 from hypothesis/dependabot/npm_and_yarn/karma-coverage-istanbul-reporter-3.0.2

Bump karma-coverage-istanbul-reporter from 2.1.1 to 3.0.2