Bumps [fetch-mock](https://github.com/wheresrhys/fetch-mock/tree/HEAD/packages/fetch-mock) from 10.0.7 to 11.1.3.
- [Release notes](https://github.com/wheresrhys/fetch-mock/releases)
- [Changelog](https://github.com/wheresrhys/fetch-mock/blob/main/packages/fetch-mock/CHANGELOG.md)
- [Commits](https://github.com/wheresrhys/fetch-mock/commits/fetch-mock-v11.1.3/packages/fetch-mock)

---
updated-dependencies:
- dependency-name: fetch-mock
  dependency-type: direct:development
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>

When filtering annotations the `forcedVisible` list was taken into account, but
not when filtering threads. Consult this list when filtering threads as well.

This fixes an issue where newly created annotations would not be shown if they
did not match a thread filter. Note that newly added annotations are added to
the forced-visible set by the `ThreadList` component.

Add a property to filter facets which indicate whether they apply to annotations
and replies or only threads. Use this property to apply the filter either to all
annotations or only the root annotation in a thread respectively.

Queries based on the user or annotation body for example can apply to both.
Queries based on a selector such as page number, book chapter or quote only make
sense as thread-level filters.

Fixes https://github.com/hypothesis/support/issues/158

The internal function that filters annotations returned a list of matching IDs.
Unsaved annotations do not have IDs, so were excluded from the matches. Change
the function to return a list of matching annotations instead, lifting this
restriction.

No callers of the function had to change because currently they only test the
length of the returned array.

A caveat with this change is that it only matches the data stored in the
annotation object, not data stored in separate "draft" objects which are
combined when rendering unsaved annotations. The result is that a filter will
only match the fields of the annotation that are populated when the new
annotation initially appears in the sidebar. This for example includes the user
and page number, but not text added in the text field later.

Previously `pageLabelInRange` treated an empty label like a fully-open page
range ("-"). Since a fully open range overlaps all other ranges, the function
would always return true. Now it treats an empty string as an unparsable range
and returns false.

When filtering annotations, this change means that a page range filter will
no longer match annotations without a page range.

Bumps [express](https://github.com/expressjs/express) from 4.19.2 to 4.20.0.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.19.2...4.20.0)

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss) from 3.4.10 to 3.4.11.
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/v3.4.11/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/compare/v3.4.10...v3.4.11)

---
updated-dependencies:
- dependency-name: tailwindcss
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [sinon](https://github.com/sinonjs/sinon) from 18.0.0 to 19.0.2.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v18.0.0...v19.0.2)

---
updated-dependencies:
- dependency-name: sinon
  dependency-type: direct:development
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps the sentry group with 2 updates: [@sentry/browser](https://github.com/getsentry/sentry-javascript) and [@sentry/cli](https://github.com/getsentry/sentry-cli).


Updates `@sentry/browser` from 8.29.0 to 8.30.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/8.29.0...8.30.0)

Updates `@sentry/cli` from 2.35.0 to 2.36.1
- [Release notes](https://github.com/getsentry/sentry-cli/releases)
- [Changelog](https://github.com/getsentry/sentry-cli/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-cli/compare/2.35.0...2.36.1)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: sentry
- dependency-name: "@sentry/cli"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: sentry
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps the rollup group with 1 update: [rollup](https://github.com/rollup/rollup).


Updates `rollup` from 4.21.2 to 4.21.3
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.21.2...v4.21.3)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: rollup
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [preact-render-to-string](https://github.com/preactjs/preact-render-to-string) from 6.5.10 to 6.5.11.
- [Release notes](https://github.com/preactjs/preact-render-to-string/releases)
- [Changelog](https://github.com/preactjs/preact-render-to-string/blob/main/CHANGELOG.md)
- [Commits](https://github.com/preactjs/preact-render-to-string/compare/v6.5.10...v6.5.11)

---
updated-dependencies:
- dependency-name: preact-render-to-string
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [preact](https://github.com/preactjs/preact) from 10.23.2 to 10.24.0.
- [Release notes](https://github.com/preactjs/preact/releases)
- [Commits](https://github.com/preactjs/preact/compare/10.23.2...10.24.0)

---
updated-dependencies:
- dependency-name: preact
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@hypothesis/frontend-shared](https://github.com/hypothesis/frontend-shared) from 8.4.3 to 8.5.0.
- [Release notes](https://github.com/hypothesis/frontend-shared/releases)
- [Changelog](https://github.com/hypothesis/frontend-shared/blob/main/docs/releases.md)
- [Commits](https://github.com/hypothesis/frontend-shared/compare/v8.4.3...v8.5.0)

---
updated-dependencies:
- dependency-name: "@hypothesis/frontend-shared"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) from 3.645.0 to 3.651.1.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.651.1/clients/client-s3)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-s3"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps the sentry group with 2 updates: [@sentry/browser](https://github.com/getsentry/sentry-javascript) and [@sentry/cli](https://github.com/getsentry/sentry-cli).


Updates `@sentry/browser` from 8.28.0 to 8.29.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/8.28.0...8.29.0)

Updates `@sentry/cli` from 2.34.1 to 2.35.0
- [Release notes](https://github.com/getsentry/sentry-cli/releases)
- [Changelog](https://github.com/getsentry/sentry-cli/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-cli/compare/2.34.1...2.35.0)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: sentry
- dependency-name: "@sentry/cli"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: sentry
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [sass](https://github.com/sass/dart-sass) from 1.77.8 to 1.78.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.77.8...1.78.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [diff](https://github.com/kpdecker/jsdiff) from 5.2.0 to 7.0.0.
- [Changelog](https://github.com/kpdecker/jsdiff/blob/master/release-notes.md)
- [Commits](https://github.com/kpdecker/jsdiff/compare/v5.2.0...7.0.0)

---
updated-dependencies:
- dependency-name: diff
  dependency-type: direct:development
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) from 3.637.0 to 3.645.0.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.645.0/clients/client-s3)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-s3"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps the rollup group with 1 update: [rollup](https://github.com/rollup/rollup).


Updates `rollup` from 4.21.0 to 4.21.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.21.0...v4.21.2)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: rollup
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [postcss](https://github.com/postcss/postcss) from 8.4.41 to 8.4.45.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.4.41...8.4.45)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps the typescript-types group with 1 update: [@types/chai](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chai).


Updates `@types/chai` from 4.3.18 to 4.3.19
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/chai)

---
updated-dependencies:
- dependency-name: "@types/chai"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: typescript-types
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [preact-render-to-string](https://github.com/preactjs/preact-render-to-string) from 6.5.9 to 6.5.10.
- [Release notes](https://github.com/preactjs/preact-render-to-string/releases)
- [Changelog](https://github.com/preactjs/preact-render-to-string/blob/main/CHANGELOG.md)
- [Commits](https://github.com/preactjs/preact-render-to-string/compare/v6.5.9...v6.5.10)

---
updated-dependencies:
- dependency-name: preact-render-to-string
  dependency-type: direct:development
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@hypothesis/frontend-shared](https://github.com/hypothesis/frontend-shared) from 8.3.0 to 8.4.3.
- [Release notes](https://github.com/hypothesis/frontend-shared/releases)
- [Changelog](https://github.com/hypothesis/frontend-shared/blob/main/docs/releases.md)
- [Commits](https://github.com/hypothesis/frontend-shared/compare/v8.3.0...v8.4.3)

---
updated-dependencies:
- dependency-name: "@hypothesis/frontend-shared"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps the sentry group with 2 updates in the / directory: [@sentry/browser](https://github.com/getsentry/sentry-javascript) and [@sentry/cli](https://github.com/getsentry/sentry-cli).


Updates `@sentry/browser` from 8.26.0 to 8.28.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-javascript/compare/8.26.0...8.28.0)

Updates `@sentry/cli` from 2.33.1 to 2.34.1
- [Release notes](https://github.com/getsentry/sentry-cli/releases)
- [Changelog](https://github.com/getsentry/sentry-cli/blob/master/CHANGELOG.md)
- [Commits](https://github.com/getsentry/sentry-cli/compare/2.33.1...2.34.1)

---
updated-dependencies:
- dependency-name: "@sentry/browser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: sentry
- dependency-name: "@sentry/cli"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: sentry
...
Signed-off-by: dependabot[bot] <support@github.com>

In CI the reported `window.innerWidth` is 765px so side-by-side doesn't
activate. Stub the value in the `PDFIntegration.destroy` tests as we do in the
`fitSideBySide` tests.

The tests previously assumed a window width of 800px. This changed recently and
in Chrome 130, is 1200px. Revise two tests that were failing locally to tolerate
more variation in the window size.

An `onDocumentReady` test was failing in current versions of Chrome, with the
callback being invoked twice with the same error instead of once. This can happen
with this sequence of events:

 1. Watched frame fires an "unload" event. This starts a polling timer.
 2. The timer fires and the callback is invoked with a cross-origin error
 3. Frame fires "load" event, and the callback is invoked a second time with
    a cross-origin error
 4. The test's "load" event handler is run

It is not a problem for current callers of `onDocumentReady` if the callback
fires twice, so just relax the check in the tests.

Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.5 to 4.0.8.
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/4.0.8/CHANGELOG.md)
- [Commits](https://github.com/micromatch/micromatch/compare/4.0.5...4.0.8)

---
updated-dependencies:
- dependency-name: micromatch
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>

Set the `encoding` option to `false` [1] when copying KaTeX fonts so they are
treated as binary rather than text. This fixes an issue where the fonts were
corrupted in the process.

[1] https://gulpjs.com/docs/en/api/src/#options

Fixes https://github.com/hypothesis/client/issues/6526

Bumps the typescript-types group with 1 update: [@types/chai](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chai).


Updates `@types/chai` from 4.3.17 to 4.3.18
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/chai)

---
updated-dependencies:
- dependency-name: "@types/chai"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: typescript-types
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@hypothesis/frontend-shared](https://github.com/hypothesis/frontend-shared) from 8.2.0 to 8.3.0.
- [Release notes](https://github.com/hypothesis/frontend-shared/releases)
- [Changelog](https://github.com/hypothesis/frontend-shared/blob/main/docs/releases.md)
- [Commits](https://github.com/hypothesis/frontend-shared/compare/v8.2.0...v8.3.0)

---
updated-dependencies:
- dependency-name: "@hypothesis/frontend-shared"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps the babel group with 1 update: [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env).


Updates `@babel/preset-env` from 7.25.3 to 7.25.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.25.4/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/preset-env"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: babel
...
Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3) from 3.633.0 to 3.637.0.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.637.0/clients/client-s3)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-s3"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>

Before loading groups the client waits for the main document frame to connect in
order to be able to fetch groups associated with that frame's URL. In
VitalSource however there is no "main frame", only the current content frame, so
`GroupsService._loadGroupsForUserAndDocument` waited indefinitely.

This failure to fetch groups did not happen on the initial launch due to a
different bug in `GroupsService._loadGroupsForUserAndDocument`. The
`this_store.route()` call returned `null` during startup and hence the code did
not wait for the main frame to connect. After a subsequent login/logout however,
the `route` call returned "sidebar" and the code did wait for the main frame.

This problem also did not happen in the LMS environment because there the client
loads a set of groups specified by our LMS app, instead of fetching groups based
on the logged-in user and current document.

Solve the first problem by using the `defaultContentFrame` method to get the
frame instead of `mainFrame`. `defaultContentFrame` returns the main frame if
there is one, or the first content frame that connected otherwise.