ome / scc

OME tools for managing the Git(Hub) workflow
https://pypi.org/project/scc/
GNU General Public License v2.0

Include dependencies label by default #264

Closed manics closed 3 years ago

manics commented 3 years ago

dependabot adds a dependencies label to its PRs. Include this by default in scc merge.

sbesson commented 3 years ago

Given the migration to using dependabot for critical vulnerabilities as well as component upgrades, this proposed change makes sense to me, but I think a general team sign-off would be useful, as this change will modify the expectations for dependency PRs opened by dependabot across all components of the project.

Currently, such PRs are not included by default, and after a light review, they can be included manually in the daily CI builds via label/comment. With this proposal, these PRs would be auto-included assuming they pass the other checks, and a manual intervention will only be required for excluding/closing them.

joshmoore commented 3 years ago

No objections, but just in case we'd prefer to handle it per repository, see https://github.com/dependabot/feedback/issues/139

manics commented 3 years ago

You can also customise labels in the dependabot config file: https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#labels