feat: migrate pnpm #866

Open

YoannNumericite wants to merge 11 commits into main from feat/pnpm

@YoannNumericite
Contributor

No description provided.

Collaborator

@revu-bot revu-bot left a comment

An error occurred: ## ⚠️ PR Review Skipped

2 validation issues found. Review thresholds can be adjusted in .revu.yml.

See why it was skipped and detailed metrics

Issues Found

1. This PR has 57070 lines of diff, which exceeds the limit of 15000 lines.

Suggestion: Consider splitting this PR into smaller chunks. Large diffs are difficult to review thoroughly and may hide important issues.

2. This PR contains files that exceed the size limit: 'formulaire/package-lock.json' (6162 lines of changes), 'formulaire/yarn.lock' (7805 lines of changes), 'package-lock.json' (17465 lines of changes), 'pnpm-lock.yaml' (13905 lines of changes), 'yarn.lock' (9512 lines of changes), which exceeds the limit of 3000. The limit is 3000 lines per file.

Suggestion: Consider refactoring large changes into smaller, more focused modifications. Large file changes are harder to review and understand.

PR Metrics

  • Total files changed: 21
  • Reviewable files: 21
  • Diff size: 57070 lines
  • Documentation files: 1
  • Largest file change: 17465 lines
  • Addition/Deletion ratio: 0.33

This validation helps ensure the bot focuses on PRs where automated review provides the most value.

Revu logs

Collaborator

@revu-bot revu-bot left a comment

An error occurred: ## ⚠️ PR Review Skipped

3 validation issues found. Review thresholds can be adjusted in .revu.yml.

See why it was skipped and detailed metrics

Issues Found

1. This PR changes 26 files, which exceeds the limit of 25 files.

Suggestion: Consider breaking this PR into smaller, more focused changes. Large PRs are harder to review effectively and may contain unrelated changes.

2. This PR has 57168 lines of diff, which exceeds the limit of 15000 lines.

Suggestion: Consider splitting this PR into smaller chunks. Large diffs are difficult to review thoroughly and may hide important issues.

3. This PR contains files that exceed the size limit: 'formulaire/package-lock.json' (6162 lines of changes), 'formulaire/yarn.lock' (7805 lines of changes), 'package-lock.json' (17465 lines of changes), 'pnpm-lock.yaml' (13905 lines of changes), 'yarn.lock' (9512 lines of changes), which exceeds the limit of 3000. The limit is 3000 lines per file.

Suggestion: Consider refactoring large changes into smaller, more focused modifications. Large file changes are harder to review and understand.

PR Metrics

  • Total files changed: 26
  • Reviewable files: 26
  • Diff size: 57168 lines
  • Documentation files: 1
  • Largest file change: 17465 lines
  • Addition/Deletion ratio: 0.33

This validation helps ensure the bot focuses on PRs where automated review provides the most value.

Revu logs

@socket-security

socket-security bot commented Dec 17, 2025

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm entities is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: pnpm-lock.yaml → npm/entities@4.5.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm entities is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: pnpm-lock.yaml → npm/entities@6.0.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@sonarqubecloud