chore: update dependencies, GitHub Actions, Dependabot config, add AGENTS.md #439

Merged
coliff merged 2 commits into main from copilot/update-package-json-dependencies
Mar 16, 2026

Copilot AI commented Mar 16, 2026

Bumps several stale/unpinned dependencies, hardens GitHub Actions with SHA pinning, and tightens Dependabot cadence per project conventions.

Package updates (package.json)

  • stylelint 16.26.1 → 17.4.0
  • jquery 3.7.1 → 4.0.0
  • package-lock.json refreshed via npm audit fix

GitHub Actions — SHA pinning

Previously unpinned actions now use commit SHAs:

  • peaceiris/actions-hugo@v3 → @75d2e84... (v3.0.0)
  • Azure/static-web-apps-deploy@v1 → @1a947af... (v1) — both job steps
  • sonarsource/sonarqube-scan-action@master → @a31c939... (v7.0.0)
  • Fixed stale version comment on actions/dependency-review-action: # v4.7 → # v4.9.0

Dependabot (.github/dependabot.yml)

  • npm schedule: weekly → monthly
  • Added cooldown: default-days: 7 to github-actions ecosystem (already present for npm)
  • open-pull-requests-limit: 1 → 2 for both ecosystems

.github/AGENTS.md (new)

Adds agent guidance document covering SHA pinning, persist-credentials: false, Prettier formatting, cooldown policy, and Dependabot grouping/limits.

Original prompt

This section details the original issue you should resolve

<issue_title>Package.json updates</issue_title>
<issue_description>- Update Stylelint & stylelint-config-standard to latest versions

  • run npm audit fix
  • Update jQuery to v4.0.0
  • Update all GitHub Actions to latest versions
  • Update Dependabot config to have a cooldown period of 7 days
  • in .github folder add an AGENTS.md file with the following:
```
# Agents

<!-- https://agents.md -->

## GitHub Actions Workflows

- Always use the latest version
- YML files should begin with --- on the first line.
- All GitHub Actions should use SHA-1 pinned versions.
- All should be formatted with Prettier.
- If using `actions/checkout`, it should have `persist-credentials: false` set.
- GitHub Actions should have a cooldown period of 7 days.

## Dependabot

- GitHub Actions updates should be grouped and updated monthly.
- npm packages should be grouped and updated monthly.
- Limit number of Dependabot PRs to be open to 2.
- Dependabot config should be formatted with Prettier.
- Dependencies should have a cooldown period of 7 days
```</issue_description>

## Comments on the Issue (you are @copilot in this section)

<comments>
</comments>
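
The workflow rules in the AGENTS.md text quoted above (leading `---`, SHA-pinned actions, `persist-credentials: false` on `actions/checkout`) can be checked mechanically before a workflow change is merged. The following is an added example, not code from this pull request or repository; the sample workflow, the placeholder SHA and the `example-org/setup-tool` action name are constructed.

```python
import re

# Constructed sample workflow, not from the repository. The 40-hex SHA is a
# placeholder and example-org/setup-tool is a hypothetical action name.
SAMPLE = """\
---
on: push
jobs:
  build:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder
        with:
          persist-credentials: false
      - uses: example-org/setup-tool@v3
      - name: Checkout again
        uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
"""

USES = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)")
STEP = re.compile(r"^\s*-\s")
SHA = re.compile(r"[0-9a-f]{40}")
NO_PERSIST = re.compile(r"^\s*persist-credentials:\s*false\b", re.M)

def indent(line):
    return len(line) - len(line.lstrip())

def step_text(lines, i):
    """Text of the step containing line i: from its '- ' line to the next sibling."""
    start = i
    while start > 0 and not STEP.match(lines[start]):
        start -= 1
    base, end = indent(lines[start]), i + 1
    while end < len(lines) and not (lines[end].strip() and indent(lines[end]) <= base):
        end += 1
    return "\n".join(lines[start:end])

def audit(text):
    """Line-based heuristic check; returns (line_number, message) findings."""
    lines, findings = text.splitlines(), []
    if not lines or lines[0].strip() != "---":
        findings.append((1, "file does not begin with ---"))
    for i, line in enumerate(lines):
        m = USES.match(line)
        if not m or m.group(1).startswith(("./", "docker://")):
            continue  # not a step reference, or a local action/image with no git ref
        action, _, ref = m.group(1).partition("@")
        if not SHA.fullmatch(ref):
            findings.append((i + 1, f"{action} is not pinned to a commit SHA"))
        if action.lower() == "actions/checkout" and not NO_PERSIST.search(step_text(lines, i)):
            findings.append((i + 1, "actions/checkout lacks persist-credentials: false"))
    return findings
```

On the sample, `audit(SAMPLE)` flags the tag-pinned action on line 9 and the second checkout on line 11, which has a pinned SHA but no `persist-credentials: false`.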

@coliff coliff marked this pull request as ready for review March 16, 2026 05:11
Copilot AI review requested due to automatic review settings March 16, 2026 05:11

Copilot AI left a comment

Copilot wasn't able to review any files in this pull request.

@github-actions

Super-linter summary

| Language | Validation result |
| --- | --- |
| PRE_COMMIT | Pass ✅ |
| TRIVY | Pass ✅ |

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter

Co-authored-by: coliff <1212885+coliff@users.noreply.github.com>
Copilot AI requested a review from coliff as a code owner March 16, 2026 05:15
Copilot AI changed the title [WIP] Update package.json dependencies and configurations chore: update dependencies, GitHub Actions, Dependabot config, add AGENTS.md Mar 16, 2026
@coliff coliff merged commit d9ce5b4 into main Mar 16, 2026
9 of 10 checks passed
@coliff coliff deleted the copilot/update-package-json-dependencies branch March 16, 2026 05:18
@github-actions

Azure Static Web Apps: Your stage site is ready! Visit it here: https://lively-rock-075179f10-439.centralus.1.azurestaticapps.net

@github-actions

Super-linter summary

| Language | Validation result |
| --- | --- |
| GITHUB_ACTIONS | Pass ✅ |
| GITLEAKS | Pass ✅ |
| GIT_MERGE_CONFLICT_MARKERS | Pass ✅ |
| JSON | Pass ✅ |
| JSON_PRETTIER | Pass ✅ |
| MARKDOWN | Pass ✅ |
| MARKDOWN_PRETTIER | Pass ✅ |
| PRE_COMMIT | Pass ✅ |
| SPELL_CODESPELL | Pass ✅ |
| TRIVY | Pass ✅ |
| YAML | Pass ✅ |

All files and directories linted successfully

For more information, see the GitHub Actions workflow run

Powered by Super-linter
