Fix updating lockfile in dependabot PRs

[fhlavac]

Currently, there is an issue in PRs opened by dependabot

• when a dependency is updated in package.json, the change is not reflected in the package-lock.json - merging such PRs may be dangerous as the CI is not actually running with the updated version of the dependency
• PRs updating only dependencies listed in the package-lock.json file look correct

clone of #patternfly/react-component-groups#557