Add Copilot guidelines for dependency update validation

Author: jreineckearm

.github/copilot-instructions.md

@@ -86,6 +86,15 @@ Every TypeScript file under `src` and `scripts` must start with this header (adj
 * Provide meaningful error and log messages that help troubleshooting
 * Preserve existing behavior unless a change is intentional; cover behavior changes with tests
 
+## Dependency Updates
+
+Check the following for dependency updates and involved versions in package.json and the lock file. Do this for PRs from developers and Dependabot.
+* Known functional issues, API changes, or other incompatibilities
+* Known security vulnerabilities, malicious code, or supply chain attacks
+* Are the new version older than 3 days. Use NPM registry, GitHub releases, and GitHub tags to determine (in the listed order)
+
+Add the results to the review report.
+
 ## Imports
 
 * Group imports in this order: