Bump terser from 4.4.0 to 4.4.2

Bump @sentry/browser from 5.9.1 to 5.10.1

Bumps [@babel/core](https://github.com/babel/babel) from 7.7.4 to 7.7.5.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.7.4...v7.7.5)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [terser](https://github.com/terser/terser) from 4.4.0 to 4.4.2.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v4.4.0...v4.4.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [@sentry/browser](https://github.com/getsentry/sentry-javascript) from 5.9.1 to 5.10.1.
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/5.9.1...5.10.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Add charset token to Content-Type header for client files deployed to S3

V3 sourcemaps are JSON objects [1]. Using the `application/json` mime
type makes it more obvious why this is listed under text formats.
Sourcemaps are defined to be UTF-8 so the `charset` token is
superfluous, but it shouldn't cause problems either.

See also https://stackoverflow.com/questions/19911929/

[1] https://sourcemaps.info/spec.html#h.qz3o9nc69um5

Avoid effect in tag list

Remove Hypothesis-Client-Version header from "trivial" API requests

Update sharing links to open in blank browser window

Pull out and consolidate local subcomponent `ShareLink` to make sure
all sharing links are created equal.

Fixes https://github.com/hypothesis/browser-extension/issues/261

Fix click callback in `ShareLinks` to not track analytics events until clicked

Faulty construction of a click callback in each `ShareLinks` link was
causing analytics tracking of associated events when the component loads,
not on click.

Fixes https://github.com/hypothesis/client/issues/1566

Add a `charset=UTF-8` token to the `Content-Type` header of client files
deployed to S3. This ensures that characters in JS / CSS / SVG files used in
the host page are interpreted correctly if the host page does not set a
charset itself or sets a non-UTF-8 charset.

Fixes #1547

Extract `AnnotationLicense` component

Simplify and optimize `TagList` a little by determining whether to
render a link directly during the render rather than using an effect.

Effects get run after the component is mounted into the DOM and painted.
In this context this means that, for first party users, the tags would
initially be rendered as spans and then a moment later, they would be
switched to links. If the links and spans were styled differently (which
I don't think they currently are), the user would see a brief flash of the
"wrong" element. Either way, it adds some more work for the browser to
do.

Use fragment instead of query to pass config to sidebar app

Pull out tag rendering from annotation.html into its own component

Remove the custom headers from the `/api/` and `/api/links` API requests
so that we can preload these routes very early in the sidebar app's
startup process using `<link rel="preload">`, thus reducing the number
of roundtrips required before showing annotations.

The original motivations for adding this header (see [1]) don't really
apply to these trivial API requests but to ones which result in real
work on the backend.

For context, see https://hypothes-is.slack.com/archives/C4K6M7P5E/p1575447372326000.

[1] See https://github.com/hypothesis/client/pull/930.

Use a URL fragment rather than query string to pass configuration from
the host page to the sidebar app.

Only the client, not h, needs access to this configuration, but passing
it in a query string causes this information to act as a cache-buster
for what should be a highly-cacheable resource
(https://hypothes.is/app.html). The long query string also ends up
polluting reports in tools like Google Analytics and h access logs.

The content and format of the config string remains the same, only the
delivery method has changed.

Relevant context: https://hypothes-is.slack.com/archives/C4K6M7P5E/p1575447372326000

Extract `AnnotationActionBar` Subcomponent from `Annotation`

Adjust `AnnotationActionButton` props to support this usage

Extract `quote` function from annotation / view-filter

Both `components/annotation` and `view-filter` modules had logic and
tests for extracting a quote from an annotation object. Extract these
into a shared `quote` function in `util/annotation-metadata`.

One small change is that `view-filter`'s implementation allowed
annotation objects with _no_ `target` property. These should never
occur. There is a known issue where creating a Page Note results in an
annotation with an _empty_ `target` property until the annotation is
saved (see [1]). That case, which is still handled, looks like a mistake,
but resolving it is outside the scope of this change.

[1] https://github.com/hypothesis/client/issues/1290

Fix module load error on pages defining `require`

There are two expressions which reference a global `require` function in
the Browserify prelude. Both of them need to be rewritten to use
`hypothesisRequire` instead. Previously only the first use was
rewritten, which worked as long as the page didn't define its own
`require` function. On https://qa.hypothes.is/search for example, h's
JavaScript bundles do.

Refactor `AnnotationBody` and `AnnotationQuote` styles

Update annotation icons (footer icons) to newer, SVG variants

Improve minification of JS bundles

Bump autoprefixer from 9.7.2 to 9.7.3

Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.7.2 to 9.7.3.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/postcss/autoprefixer/compare/9.7.2...9.7.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [eslint-plugin-react](https://github.com/yannickcr/eslint-plugin-react) from 7.16.0 to 7.17.0.
- [Release notes](https://github.com/yannickcr/eslint-plugin-react/releases)
- [Changelog](https://github.com/yannickcr/eslint-plugin-react/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yannickcr/eslint-plugin-react/compare/v7.16.0...v7.17.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.578.0 to 2.581.0.
- [Release notes](https://github.com/aws/aws-sdk-js/releases)
- [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js/compare/v2.578.0...v2.581.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>