[Bug] - Updating Dependency Versions

[AdriMichelson]

Python Package Conflicts

Detailed Description

The following packages are causing conflicts for setting up in Mage.AI to utilize the functions for ActionKit.

pyopenssl 23.0.0 requires cryptography<40,>=38.0.0, but you have cryptography 36.0.2 which is incompatible.
parsons 1.0.0 requires jinja2==3.0.2, but you have jinja2 3.1.2 which is incompatible.
parsons 1.0.0 requires PyJWT==2.4.0, but you have pyjwt 2.6.0 which is incompatible.
parsons 1.0.0 requires python-dateutil==2.8.1, but you have python-dateutil 2.8.2 which is incompatible.
parsons 1.0.0 requires requests==2.25.1, but you have requests 2.27.1 which is incompatible.
parsons 1.0.0 requires SQLAlchemy==1.3.23, but you have sqlalchemy 1.4.46 which is incompatible.

To Reproduce

Utilizing Mage.AI and importing Parsons.

Your Environment

• Version of Parsons used (if you know):
• Environment name and version (e.g. Chrome 39, node.js 5.4):
• Operating System and version (desktop or mobile):

Additional Context

Add any other context about the problem here.

Priority

Please indicate whether fixing this bug is high, medium, or low priority for you. If the issue is time-sensitive for you, please let us know when you need it addressed by.

Medium. We may be able to get around it with the guide provided by Shauna on Dependencies. But opening this up to think through dependency management as a whole with the package. https://www.parsonsproject.org/pub/friendly-dependencies/

[Jason94]

I want to bump this issue because the SQLAlchemy version in particular is very out of date. Current versions of pandas actually require SQLAlchemy version 1.4/2.0, and Parsons is on 1.3. So all of the pandas database functions actually don't work with the current version of SQLAlchemy.

This isn't the paradigm we usually use when working with Parsons to connect to a database. But it can break code that is using pandas to connect to the DB in the same environment as some Parsons code (this happened to me today).

I don't know how much work would be involved in updating SQLAlchemy to 1.4 or 2.0, but we should consider upgrading to one of those.

Longer term, what are best practices for maintaining dependency versions in Python libraries? How do other projects manage their dependencies, keeping them reasonably up to date while keeping the library stable?

[techxorcist]

Also bumping this issue because it is preventing building a custom image including Parsons for use by a Prefect worker. Specifically, Prefect requires python-dateutil<3.0.0 and >=2.8.2 (since a July 2019 PR) while Parsons is pinned to python-dateutil==2.8.1 as noted in the original message. Since the conflicting package is a core requirement of Parsons, the friendly dependency option does not seem viable.

UPDATE: If someone else comes across this issue in a similar context, the limited dependencies workaround should get you past the conflict, even for core dependencies like python-dateutil. In the context of building an image, include

ENV PARSONS_LIMITED_DEPENDENCIES=true
ENV PIP_NO_BINARY=parsons

in your Dockerfile prior to your pip install commands.