chore: Config renovate to only trigger updates due to security issues

[phlipsterit]

Description

We will only be fixing critical bugs in this repository going forward. New development will be done in https://github.com/Altinn/altinn-studio.

Because of this, it doesn't seem worth it to use time to update libraries to new version with new features that might have breaking changes.

Thus we configure our renovate to only create updates that fixes security vulnerabilities.

Related Issue(s)

• closes #{issue number}

Verification/QA

• Manual functionality testing
  • I have tested these changes manually
  • Creator of the original issue (or service owner) has been contacted for manual testing (or will be contacted when released in alpha)
  • No testing done/necessary
• Automated tests
  • Unit test(s) have been added/updated
  • Cypress E2E test(s) have been added/updated
  • No automatic tests are needed here (no functional changes/additions)
  • I want someone to help me make some tests
• UU/WCAG (follow these guidelines until we have our own)
  • I have tested with a screen reader/keyboard navigation/automated wcag validator
  • No testing done/necessary (no DOM/visual changes)
  • I want someone to help me perform accessibility testing
• User documentation @ altinn-studio-docs
  • Has been added/updated
  • No functionality has been changed/added, so no documentation is needed
  • I will do that later/have created an issue
• Support in Altinn Studio
  • Issue(s) created for support in Studio
  • This change/feature does not require any changes to Altinn Studio
• Sprint board
  • The original issue (or this PR itself) has been added to the Team Apps project and to the current sprint board
  • I don't have permissions to do that, please help me out
• Labels
  • I have added a kind/* and backport* label to this PR for proper release notes grouping
  • I don't have permissions to add labels, please help me out

[coderabbitai]

📝 Walkthrough

Walkthrough

Renovate configuration is updated to apply security-only update automation alongside existing GitHub Actions digest pinning. The package rules targeting Digdir design system dependencies are removed.

Changes

Renovate Configuration

Layer / File(s)	Summary
Security updates configuration renovate.json	The extends array gains security:only-security-updates preset. Digdir design system package rules (with custom schedule and minimumReleaseAge) are removed from packageRules.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• Altinn/app-frontend-react#4199: Both PRs modify renovate.json extends configuration, with this PR adding security-only updates alongside GitHub Actions digest pinning.

Suggested labels

ignore-for-release, backport-ignore

Suggested reviewers

• JamalAlabdullah

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: updating renovate config to only trigger security updates, which matches the raw summary showing security:only-security-updates was added.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request follows the required template structure with all major sections included: Description, Related Issue(s), and Verification/QA with appropriate checkboxes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/only-update-security-renovate

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}