How can we make more effective use of Dependabot?

[jamesallardice]

Currently, Dependabot opens PRs, we ignore them and then do periodic sweeping dependency upgrades which covers all (or most) of Dependabot's suggestions and the PRs get automatically closed. If we had some form of automated testing to verify the PRs that Dependabot raises, we could keep on top of them with more confidence.

We should also ensure that the serverless package is excluded from the Dependabot process because an upgrade to it requires additional changes (e.g. updating the pinned version in serverless.yml).