Also: update tests for modern syntax

The real function returns a function. The mock returned a number. This
happened not to cause a failure currently but it could break with future
changes in Preact.

`assert.isEmpty()` checks the size of an array, map or set or counts the
number of keys on an object. It doesn't know how to check that an Enzyme
wrapper produced no output. `assert.isEmpty(wrapper)` passes due to
implementation details of the Enzyme wrapper - it behaves like an object
with no properties. However it _always_ passes regardless of the number of
nodes in the wrapper, which is not the intended behavior here.

String styles are a Preact-specific feature which is likely to go away in future.
Pass an object instead.

Because the code in `dev-server/static/scripts/util.js` is not
transpiled by Babel, it needs to be compatible with all the browsers
versions in `browserslist` (`package.json`).

Optional chaining `(?.)` is for example not support in Chrome versions <
80.

This is only an issue when testing `localhost:3000` on these supported,
but older browser versions.

Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 10.2.1 to 10.2.3.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/10.2.1...10.2.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [preact](https://github.com/preactjs/preact) from 10.5.10 to 10.5.11.
- [Release notes](https://github.com/preactjs/preact/releases)
- [Commits](https://github.com/preactjs/preact/compare/10.5.10...10.5.11)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [core-js](https://github.com/zloirock/core-js) from 3.8.2 to 3.8.3.
- [Release notes](https://github.com/zloirock/core-js/releases)
- [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/zloirock/core-js/compare/v3.8.2...v3.8.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [karma](https://github.com/karma-runner/karma) from 5.2.3 to 6.0.1.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/compare/v5.2.3...v6.0.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [sinon](https://github.com/sinonjs/sinon) from 9.2.3 to 9.2.4.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v9.2.3...v9.2.4)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [sass](https://github.com/sass/dart-sass) from 1.32.4 to 1.32.5.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.32.4...1.32.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [@octokit/rest](https://github.com/octokit/rest.js) from 18.0.12 to 18.0.14.
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](https://github.com/octokit/rest.js/compare/v18.0.12...v18.0.14)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.828.0 to 2.831.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.828.0...v2.831.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Move a few modules from `util` to (for now) the top-level
directory. These modules have multiple dependencies, or are
otherwise application-specific, but don't fit comfortably in
the `helpers` modules.

Extract modules from the `util` directory that are specific to
the application domain or have application dependencies

A side effect of using shadow DOM for the sidebar is that the BucketBar
'plugin' could not be injected easily using a current query mechanism.
After consulting with @robertknight, we decided to avoid using the
normal plugin injection mechanism and instead instantiate the BucketBar
from the sidebar.

This PR also includes:

- a no documented configuration option to disable the shadow DOM
  encapsulation. This can be removed in the future if not needed.
- more strict types
- simplification of the logic in the sidebar

I have tested these changes in the following browsers:

Brower\OS    | MacOS              | Windows
------------ | ------------------ | -----------------
Chrome 57    | ✔ | ✔
Chrome beta  | ✔ | ✔
Edge 17      |                    | ✔
Edge beta    | ✔ | ✔
Firefox 53   | ✔ | ✔
Firefox beta | ✔ | ✔
Safari 10    | ✔ |
Safari 14    | ✔ |

Refactor sorting functions to operate on threads instead of annotations.
Establish logic for retrieving and comparing "root" annotations, which
aren't always at the top level of a thread for "headless threads".

On doing some work I found the sidebar has a classname
`.annotator-outer` which doesn't have any associated style.

I couldn't find any other references to `annotator-outer` in the
project.

Although the client's test suite runs pretty quickly (~10s on my
machine once bundling completes) it is still useful to see progress
reporting.

Remove the verbose logging that was enabled for Chrome in Jenkins builds
a while ago. This was used to debug a problem with sporadic failures
that we haven't seen too much recently. If it becomes a significant
problem in future we'll probably take the opportunity to shift the whole
client build to GitHub Actions instead.

Bumps [socket.io](https://github.com/socketio/socket.io) from 2.3.0 to 2.4.1. **This update includes a security fix.**
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/2.4.1/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/2.3.0...2.4.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

- Ensure that the adder location is always below the highlighted selection on a touch devices so that it does not compete with the copy/paste bar.
- Add a little extra margin (10px) to the adder on touch devices to give room for the selection handles
- Add helper method `isTouchDevice` for touch devices
- Add comment in isSelectionBackwards to explain that iOS does not have the same selection object as non-iOS devices
- Add 1 missing test coverage case in adder.js

The Enzyme `hasClass` method was being called on a non-DOM node by
mistake. This didn't cause any problems, but it just meant that the test
was not checking what it intended to check.

Typing in replies in large threads (eg. those that already have hundres
of replies) was slow because every keystroke would cause every
reply to be re-rendered. The critical thread list virtualization
optimization in the client only applies to top-level threads and doesn't
benefit the case of a single thread with a large number of replies.

Implement some easy performance optimizations for large threads (ie.
with hundreds of replies) by memoizing:

 1) `Thread` components so that they don't re-render if something
    changes in a parent but the thread itself is unchanged.
 2) `Annotation` components so that they don't re-render if something
    changes elsewhere in the thread list but the current annotation is not
    changed.

As a result, creating and editing replies in large threads is faster. The
initial action to show a large thread list by clicking "Show replies" is still
slow because this change doesn't help the initial render. However,
editing performance is the most important issue from a user's
perspective.

Partial fix for #2897

Replace the Stale app for closing inactive PRs with a GitHub Action.
See https://github.com/hypothesis/h/pull/6457.

This reverts commit 5c00dcac.

Bumps [sass](https://github.com/sass/dart-sass) from 1.32.2 to 1.32.4.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.32.2...1.32.4)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [preact](https://github.com/preactjs/preact) from 10.5.9 to 10.5.10.
- [Release notes](https://github.com/preactjs/preact/releases)
- [Commits](https://github.com/preactjs/preact/compare/10.5.9...10.5.10)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 5.29.2 to 5.30.0.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/5.29.2...5.30.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [commander](https://github.com/tj/commander.js) from 6.2.1 to 7.0.0.
- [Release notes](https://github.com/tj/commander.js/releases)
- [Changelog](https://github.com/tj/commander.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tj/commander.js/compare/v6.2.1...v7.0.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.824.0 to 2.828.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.824.0...v2.828.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [eslint](https://github.com/eslint/eslint) from 7.17.0 to 7.18.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v7.17.0...v7.18.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Previous commits updated the router service to enable it to correctly
set the route from the initial path in the browser extension. However
some parts of the client still behaved as if they were the sidebar in
the notebook view because there was a second path => route mapping in
`src/sidebar/index.js`.

This commit replaces that with `store.route()` everywhere which is the
route determined by the router service.

This fixes an issue where launching the notebook app in the browser
extension resulted in a "second Discovery server" error in the console.

When the app launches the `router` service sets the initial route based
on the path. When the notebook view is loaded from the extension the
path is `/client/notebook.html` rather than `/notebook`.

Fixes https://github.com/hypothesis/client/issues/2866

Using a generic `<div>` can result in the notebook being positioned
incorrectly or otherwise receiving undesirable styling on pages with
very generic selectors. For example https://example.com.

Using a custom tag name reduces the risk and we already do this for
various other UI elements in the annotator part of the app.

We can protect the contents of the outermost element using Shadow DOM,
but the outermost element itself will always be subject to the page's
styles.