Bump sinon from 7.2.3 to 7.2.4

Bump gulp-sourcemaps from 2.6.4 to 2.6.5

Bump mocha from 5.2.0 to 6.0.0

Bumps [sinon](https://github.com/sinonjs/sinon) from 7.2.3 to 7.2.4.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v7.2.3...v7.2.4)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [gulp-sourcemaps](https://github.com/gulp-sourcemaps/gulp-sourcemaps) from 2.6.4 to 2.6.5.
- [Release notes](https://github.com/gulp-sourcemaps/gulp-sourcemaps/releases)
- [Commits](https://github.com/gulp-sourcemaps/gulp-sourcemaps/compare/v2.6.4...v2.6.5)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [mocha](https://github.com/mochajs/mocha) from 5.2.0 to 6.0.0.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v5.2.0...v6.0.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bump eslint from 5.13.0 to 5.14.0

Bump @babel/core from 7.2.2 to 7.3.3

Merge pull request #951 from hypothesis/dependabot/npm_and_yarn/karma-coverage-istanbul-reporter-2.0.5

Bump karma-coverage-istanbul-reporter from 2.0.4 to 2.0.5

Bump babel-plugin-istanbul from 5.1.0 to 5.1.1

Bumps [eslint](https://github.com/eslint/eslint) from 5.13.0 to 5.14.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v5.13.0...v5.14.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [@babel/core](https://github.com/babel/babel) from 7.2.2 to 7.3.3.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.2.2...v7.3.3)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [babel-plugin-istanbul](https://github.com/istanbuljs/babel-plugin-istanbul) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/istanbuljs/babel-plugin-istanbul/releases)
- [Changelog](https://github.com/istanbuljs/babel-plugin-istanbul/blob/master/CHANGELOG.md)
- [Commits](https://github.com/istanbuljs/babel-plugin-istanbul/compare/v5.1.0...v5.1.1)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [karma-coverage-istanbul-reporter](https://github.com/mattlewis92/karma-coverage-istanbul-reporter) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/mattlewis92/karma-coverage-istanbul-reporter/releases)
- [Changelog](https://github.com/mattlewis92/karma-coverage-istanbul-reporter/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mattlewis92/karma-coverage-istanbul-reporter/compare/v2.0.4...v2.0.5)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Update LICENSE file

* Add isScopedToUri property based on group scope

CombinedGroups now takes into account the scoping of groups and adds
an isScopedToUri property to each group indicating whether is can be
annotated in at the provided uri based on its defined scope.

* Provide scope info and page's uri to combineGroups

Get the scope info for each group by passing expand: scopes in the group
api requests. Pass the documentUri to the CombineGroup function as it needs
this in order to determine which groups are scoped to the page's uri.

* Remove endefined checking logic

Bump core-js from 2.6.4 to 2.6.5

Bumps [core-js](https://github.com/zloirock/core-js) from 2.6.4 to 2.6.5.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/v2.6.5/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/compare/v2.6.4...v2.6.5)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bump eslint-plugin-mocha from 5.2.1 to 5.3.0

Bumps [eslint-plugin-mocha](https://github.com/lo1tuma/eslint-plugin-mocha) from 5.2.1 to 5.3.0.
- [Release notes](https://github.com/lo1tuma/eslint-plugin-mocha/releases)
- [Changelog](https://github.com/lo1tuma/eslint-plugin-mocha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lo1tuma/eslint-plugin-mocha/compare/5.2.1...5.3.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

[Security] Bump handlebars from 4.0.12 to 4.1.0

- Update the copyright year

- Remove copyright notices for code which is no longer vendored into the
  source tree but instead fetched from npm. In those cases the npm
  package includes machine-readable license metadata.

  I left the "annotator" notice because we still have some code derived from
  Annotator.js in the source tree, even though much of it has been
  replaced.

See also https://github.com/hypothesis/h/pull/5537

Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.0.12 to 4.1.0. **This update includes security fixes.**
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/wycats/handlebars.js/blob/v4.1.0/release-notes.md)
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.0.12...v4.1.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bump codecov from 3.1.0 to 3.2.0

Bumps [codecov](https://github.com/codecov/codecov-node) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/codecov/codecov-node/releases)
- [Commits](https://github.com/codecov/codecov-node/commits)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Use token instead of store.profile to calc isLoggedIn

* Support filtering annotations by display name

Allow `user:{term}` filters in the search bar to match display names as
well as usernames.

I have allowed for annotations having no `user_info` field as with other
code in the client that handles annotation objects. However "h" will always
populate that field currently.

Fixes https://github.com/hypothesis/product-backlog/issues/943

* Add tests to clarify how quotes are handled in filter query parsing

This came out of a Slack discussion [1] about how the client handles
quoted and unquoted terms in filter queries.

[1] https://hypothes-is.slack.com/archives/C4K6M7P5E/p1549466094062700

* Test that all matching annotations are returned for "user" queries

Respond to CR feedback to extend the current set of tests for "user"
queries.

Add custom client version header to api requests

Bump aws-sdk from 2.398.0 to 2.400.0

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.398.0 to 2.400.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.398.0...v2.400.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Add tests for Authorization header on API requests

* Add profile.groups.read api endpoint

* Remove metadata from list groups api call

Rather than relying on the token of the logged in user being returned
as extra metadata from the list groups api call, simple use the profile
userid from the data store to determine whether a use is logged in or not.

* Add util/groups module with combineGroups helper

This will be used when the community-groups feature flag is set, to combine
groups from the groups list and profile groups endpoints.

* Add tests for util groups module

* Add tests for community-groups feature flag

Bump aws-sdk from 2.397.0 to 2.398.0

Bump core-js from 2.5.7 to 2.6.4

Bumps [core-js](https://github.com/zloirock/core-js) from 2.5.7 to 2.6.4.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/compare/v2.5.7...v2.6.4)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.397.0 to 2.398.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.397.0...v2.398.0)
Signed-off-by: dependabot[bot] <support@dependabot.com>

Add servetests to makefile for interactive test debug