`json-logic` dependency incompatibility

[alexhenman]

When installing mixpanel==5.1.0 with uv we get this error:

  × No solution found when resolving dependencies:
  ╰─▶ Because there is no version of json-logic==0.7.0a0 and mixpanel==5.1.0 depends on json-logic==0.7.0a0, we can conclude that mixpanel==5.1.0 cannot be used.
      And because you require mixpanel==5.1.0, we can conclude that your requirements are unsatisfiable.

      hint: `json-logic` was requested with a pre-release marker (e.g., json-logic==0.7.0a0), but pre-releases weren't enabled (try: `--prerelease=allow`)

Obviously the suggested workaround here works, or I believe if we explicitly add json-logic==0.7.0a0 to our dependencies then uv will also handle that by default.

---

More broadly though what makes me a little uneasy is that we're now introducing a dependency which is an alpha version released in March 2017 to our stack.

I see there was some discussion here but I wonder if this might be worth another discussion around the security implications of using a very old unmaintained dependency.

At the very least would it be possible to bundle this as an extra dependency so it's an optional addon if users want to make use of the new runtime rules engine?