Bump melos from 3.4.0 to 7.4.0

[dependabot]

Bumps melos from 3.4.0 to 7.4.0.

Changelog

Sourced from melos's changelog.

melos - v7.4.0

• FEAT: Support tag_pattern based versioning in git dependencies (#982). (649026ef)
• FEAT: Changed execution ordering from relying on strongly related components to layered topologic sort (#977). (9a9dfd9d)
• FEAT: Changed from topological sort to layered topologic sort for orderDependents (#976). (6c2e3441)
• FEAT: Retry (with backoff) when executing commands against repo (#971). (c159a681)
• FEAT: recursively discover packages in nested workspaces (#968). (d15b553d)
• DOCS: add supabase codegen package (#969). (79876a61)

2025-10-23

Changes

---

Packages with breaking changes:

• There are no breaking changes in this release.

Packages with other changes:

• melos - v7.3.0

---

melos - v7.3.0

• FEAT: add groups config for scripts and --groupoption (#963). (47982d9b)
• FEAT: add option to opt-out of Intellij runConfiguration generation (#962). (6bc8c246)

2025-10-15

Changes

---

Packages with breaking changes:

• There are no breaking changes in this release.

Packages with other changes:

• melos - v7.2.0

---

melos - v7.2.0

... (truncated)

Commits

• e242812 chore(release): Publish Melos v7.4.0 (#983)
• 649026e feat: Support tag_pattern based versioning in git dependencies (#982)
• 9a9dfd9 feat: Changed execution ordering from relying on strongly related components ...
• 6c2e344 feat: Changed from topological sort to layered topologic sort for orderDepend...
• c159a68 feat: Retry (with backoff) when executing commands against repo (#971)
• 79876a6 docs: add supabase codegen package (#969)
• d15b553 feat: recursively discover packages in nested workspaces (#968)
• 4457e07 chore(release): Publish Melos v7.3.0 (#965)
• 47982d9 feat: add groups config for scripts and --groupoption (#963)
• 6bc8c24 feat: add option to opt-out of Intellij runConfiguration generation (#962)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
custom-lint-website	Error		Feb 2, 2026 0:30am

[docs-page]

To view this pull requests documentation preview, visit the following URL:

docs.page/invertase/dart_custom_lint~380

Documentation is deployed and generated using docs.page.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[tsavo-at-pieces]

Code Quality Review

Changes

Dependabot-generated bump of melos from ^3.0.0 to ^7.4.0 in the root pubspec.yaml. This is a single-line dev_dependencies change in a monorepo root lockfile. The jump spans 4 major versions (3 -> 4 -> 5 -> 6 -> 7).

Quality Assessment

The change itself is trivially correct -- it is a single constraint bump in a root-level dev dependency. However, there are important concerns:

1. Major version gap (3.x to 7.x): This spans 4 major version bumps. Melos 4.x, 5.x, 6.x, and 7.x each had breaking changes to the melos.yaml configuration schema, CLI behavior, and script execution semantics. The project's melos.yaml was written for Melos 3.x and almost certainly needs corresponding updates to work with 7.x. This PR only bumps the constraint without touching melos.yaml at all.

2. No melos.yaml migration: Melos 6.x dropped packageFilters in favor of filters, changed the run command semantics, and 7.x changed execution ordering to layered topological sort. The existing melos.yaml should be audited and updated for compatibility.

3. CI/Build verification: The Vercel deployment already shows an Error status. Before merging, the full melos bootstrap + build pipeline should be verified against the new version.

4. SDK constraint interaction: The root pubspec.yaml still has sdk: ">=3.0.0 <4.0.0". Melos 7.x may require a newer minimum SDK -- this should be verified.

Verdict

NEEDS_WORK -- The constraint bump alone is incomplete. The melos.yaml configuration file must be audited and migrated for Melos 7.x compatibility. Recommend either (a) updating melos.yaml in this same PR to handle the breaking changes across the 4 major versions, or (b) doing an incremental major-version-at-a-time migration. Merging just the constraint bump will likely break melos bootstrap and all melos scripts.

[tsavo-at-pieces]

Fork Maintainer Review (dart_custom_lint)

Reviewing on behalf of open-runtime/dart_custom_lint fork.

Summary

Dependabot PR bumping melos from ^3.0.0 to ^7.4.0 in the root pubspec.yaml.

Upstream Status

This is an upstream-only PR (invertase/dart_custom_lint). Not yet merged.

Assessment

Not applicable to our fork. The open-runtime/dart_custom_lint fork has already migrated away from melos entirely in commit 82426f4 ("chore: bump SDK to ^3.9.0, update custom_lint_core to 0.8.2"), which removed the melos dev dependency and migrated to native Dart workspaces. Our fork's root pubspec no longer has a melos dependency at all.

For the upstream repo: this is a major version bump (3.x -> 7.x) from dependabot. If upstream still uses melos, it would need careful testing for breaking changes across 4 major versions. The melos 7.x changelog shows significant changes including layered topological sort, workspace nesting, and script groups.

Recommendation

CLOSE (for our fork) / HOLD (for upstream -- needs human review of breaking changes across 4 major versions before merging)

No action needed on our fork -- we no longer use melos.

[tsavo-at-pieces]

Compatibility Review (Monorepo Impact)

Reviewer context: We maintain the open-runtime/dart_custom_lint fork, which is consumed as a workspace member in our Dart monorepo (aot_monorepo). All five custom_lint* packages plus lint_visitor_generator are listed in the monorepo root pubspec.yaml workspace list.

Monorepo Impact

HIGH RISK. Our fork does not use melos for day-to-day development -- we rely on Dart native pub workspaces (resolution: workspace in each package's pubspec.yaml, root workspace: list in root pubspec.yaml). We already removed the melos dev dependency from our fork's root pubspec in commit 82426f4 (bumped SDK to ^3.9.0, switched to native workspace resolution). However, merging this into upstream would still affect us when we sync from upstream.

The melos.yaml in this repo was written for Melos 3.x. Melos 4.x-7.x introduced multiple breaking changes:

• Melos 6.x: packageFilters renamed to filters, run semantics changed
• Melos 7.x: execution ordering switched to layered topological sort, tag_pattern versioning in git deps added

Bumping the constraint to ^7.4.0 without updating melos.yaml will break melos bootstrap and all melos-based scripts for anyone still using melos with this repo.

Dependency Concerns

• melos is a dev_dependency in the root pubspec.yaml, so it does not affect the published packages or downstream consumers directly.
• However, if melos 7.x pulls in transitive dependencies that conflict with the analyzer ^9.0.0 constraint used by custom_lint_core and custom_lint, that would be a problem. This needs CI verification.
• Our fork has sdk: ^3.9.0; melos 7.4.0 should be compatible with Dart 3.9+, but this is unverified.

Recommendation

HOLD -- Do not merge as-is. The melos.yaml file must be migrated to Melos 7.x syntax alongside the constraint bump. If the dart_custom_lint project has moved to native Dart workspaces (as our fork has), consider removing the melos dev dependency entirely and closing this PR. From our fork's perspective, we do not need melos at all since we use native workspace resolution.

[dependabot]

Superseded by #383.