chore(security): add 3-day Dependabot cooldown and grouped updates

[Copilot]

This updates Dependabot configuration to enforce a 3-day cooldown on automated update PRs while preserving existing grouping behavior per ecosystem. It also confirms package-lock.json is committed so CI npm ci remains deterministic.

• Dependabot cadence hardening

  • Added cooldown.default-days: 3 to every entry under updates in .github/dependabot.yml.

• Grouping behavior preserved

  • Existing groups blocks were left intact on both current entries (including github-actions), per requirement to avoid rewriting existing grouping definitions.

• Deterministic Node install path

  • Confirmed package-lock.json is present and tracked in the repository for workflow consistency with .github/workflows/nodejs.yml.

updates:
  - package-ecosystem: npm
    directory: /
    schedule:
      interval: monthly
    cooldown:
      default-days: 3
    groups:
      dependencies:
        patterns:
          - '*'

[felickz]

@copilot fix the failing CI (https://github.com/advanced-security/ghe-cross-instance-committers/actions/runs/26187443244/job/77256252377?pr=41) for this PR

[Copilot]

@copilot fix the failing CI (https://github.com/advanced-security/ghe-cross-instance-committers/actions/runs/26187443244/job/77256252377?pr=41) for this PR

Addressed in commit e9503e1.

I fixed the CI break by restoring ESLint v9 compatibility with the repo’s existing .eslintrc setup and adding jest-util as a direct dev dependency so ts-jest can resolve it during tests.