remove dependency to embedchain

[s-sangam]

Currently CrewAI tools depend on "embedchain>=0.1.114" - https://github.com/crewAIInc/crewAI-tools/blob/main/pyproject.toml.
Can we make the CrewAI tool dependency to embedchain optional? . There was an issue raised in this regard to make dependency to embedchain optional - #292.
However the latest versions of crewAI tool definition still have the dependency to embedchain.

Reasons:

1. The current version of embedchain (v0.1.128) depends on langchain-cohere versions <0.4.0, which in turn depend on the experimental package langchain-experimental. This experimental package has known security issues. Updating embedchain to use a newer version of langchain-cohere (e.g., v0.4.1 or later) would eliminate this dependency and resolve the security risks. However the team has not yet fixed it.
   Because of he risks flagged by various security scanner tools, they are blocked by Enterprise security scanners. This prevents the adoption of CrewAI.
2. If embedchain is only an optional librray, it should be made as "optional" dependency.

[lucasgomide]

I'll take a look on that later

[s-sangam]

could you please provide a timeline? Because of this I am not able to use it in my Organization and most likely an issue for many Enterprises in adopting CrewAI.
Libraries like Embedchain should be made optional. Not needed for every use case.

[aritraroy24]

@lucasgomide Any update on this?

The latest version of embedchain supports chromadb<0.6.0,>=0.5.10, which in turn requires tokenizers<=0.20.3,>=0.13.2, finally restricting to use the latest versions of transformers.

[lucasgomide]

@s-sangam @aritraroy24 hey .. Haven't had a chance to dive deep into this issue yet, but it's definitely on my radar. 🤔 Might take a look and provide some prompt feedback on if/when we'll fix it by this week

[aritraroy24]

Any update @lucasgomide regarding this?

[lucasgomide]

Not yet. We have been talking about that in the last couple of weeks; we are going to prioritize that soon.