ci: work around attw crash by pinning fflate to 0.8.2

[itssimon]

Summary

The check-attw job has been failing on all recent renovate PRs with:

error while checking file:
Cannot read properties of undefined (reading 'filename')

Root cause

@arethetypeswrong/cli@0.18.2 depends on @arethetypeswrong/core@0.18.2, which declares fflate: ^0.8.2. On fresh installs that now resolves to fflate@0.8.3, which changed the streaming Gunzip callback to fire multiple times (the last being an empty flush chunk). ATTW's tarball extractor overwrites unzipped on every callback instead of accumulating chunks, so only the empty final chunk survives, untar() returns [], and data[0].filename throws.

Tracked upstream as arethetypeswrong/arethetypeswrong.github.io#262. Same fix already merged in apitally/apitally-js#257.

Fix

• Pin fflate to 0.8.2 via an npm overrides block scoped to @arethetypeswrong/cli.
• Add @arethetypeswrong/cli as a devDependency so the override actually applies (overrides don't reach npx -p <pkg> since that installs into a separate temp tree).
• Switch the workflow from npx -p @arethetypeswrong/cli attw --pack --profile esm-only . to npx attw --pack --profile esm-only . to use the locally installed, pinned version.
• Disable Renovate updates for fflate so the workaround sticks until the upstream fix lands.

Verified locally — attw now reports green for all entrypoints.

Test plan

• npm ci && npm run build && npx attw --pack --profile esm-only . passes locally
• check-attw job passes on this PR
• Other CI jobs unaffected

---

Summary by cubic

Fixes check-attw CI crashes by pinning fflate to 0.8.2 for @arethetypeswrong/cli and switching CI to use the locally installed binary. Restores ATTW checks on fresh installs until the upstream fix lands.

• Bug Fixes
  • Pin fflate to 0.8.2 via overrides scoped to @arethetypeswrong/cli.
  • Add @arethetypeswrong/cli as a devDependency and run npx attw in CI to use the pinned version.
  • Disable Renovate for fflate to keep the pin in place.

^{Written for commit 720de42. Summary will update on new commits. Review in cubic}

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.50%. Comparing base (6160c4d) to head (720de42).
⚠️ Report is 18 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #32   +/-   ##
=======================================
  Coverage   88.50%   88.50%           
=======================================
  Files          11       11           
  Lines         261      261           
  Branches       66       66           
=======================================
  Hits          231      231           
  Misses         12       12           
  Partials       18       18           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cubic-dev-ai]

No issues found across 4 files

_{Re-trigger cubic}