mitmproxy和gerapy的依赖库冲突该如何解决

Question

用pipenv创建了虚拟环境
先安装了mitmproxy库，其中的依赖
cryptography<3.0,>=2.9 (from mitmproxy==5.2->-r
后面又安装gerapy,其中也依赖这个库
cryptography==2.8 (from gerapy==0.9.3
安装gerapy时就报错了

[pipenv.exceptions.ResolutionFailure]: Warning: Your dependencies could not be resolved. You likely have a mismatch in your sub-dependencies.
  First try clearing your dependency cache with $ pipenv lock --clear, then try the original command again.
 Alternatively, you can use $ pipenv install --skip-lock to bypass this mechanism, then run $ pipenv graph to inspect the situation.
  Hint: try $ pipenv lock --pre if it is a pre-release dependency.
ERROR: Could not find a version that matches cryptography<3.0,==2.8,>=2.0,>=2.8,>=2.9 (from mitmproxy==5.2->-r C:\Users\48967\AppData\Local\Temp\pipenvlvz097obrequirements\pipenv-w641opik-constraints.txt (line 5))
Tried: 0.1, 0.2, 0.2.1, 0.2.2, 0.3, 0.4, 0.5, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.6, 0.6.1, 0.7, 0.7.1, 0.7.2, 0.8, 0.8.1, 0.8.2, 0.9, 0.9.1, 0.9.2, 0.9.3, 1.0, 1.0.1, 1.0.2, 1.1, 1.1.1, 1.1.2, 1.2, 1.2.1, 1.2.2, 1.2.3, 1.3, 1.3.1, 1.3.2,
 1.3.3, 1.3.4, 1.4, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.7, 1.7.1, 1.7.2, 1.8, 1.8.1, 1.8.2, 1.9, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2, 2.2.1, 2.2.2, 2.2.2, 2.3, 2.3, 2.3.1, 2.3.1, 2.4, 2.4, 2.4.1, 2.4.1, 2.4.2
, 2.4.2, 2.5, 2.5, 2.6, 2.6, 2.6.1, 2.6.1, 2.7, 2.7, 2.8, 2.8, 2.9, 2.9, 2.9.1, 2.9.1, 2.9.2, 2.9.2, 3.0, 3.0
There are incompatible versions in the resolved dependencies:
  cryptography<3.0,>=2.9 (from mitmproxy==5.2->-r C:\Users\48967\AppData\Local\Temp\pipenvlvz097obrequirements\pipenv-w641opik-constraints.txt (line 5))
  cryptography==2.8 (from gerapy==0.9.3->-r C:\Users\48967\AppData\Local\Temp\pipenvlvz097obrequirements\pipenv-w641opik-constraints.txt (line 11))
  cryptography>=2.0 (from scrapy==2.2.1->-r C:\Users\48967\AppData\Local\Temp\pipenvlvz097obrequirements\pipenv-w641opik-constraints.txt (line 27))
  cryptography>=2.8 (from pyopenssl==19.1.0->-r C:\Users\48967\AppData\Local\Temp\pipenvlvz097obrequirements\pipenv-w641opik-constraints.txt (line 6))

我按照上面的提示使用pipenv lock --clear结果还是报上面同样的错误。
然后上网查看，找到一篇差不多的问题里面提示要么删除其中一个，要么找到其中一个较老的版本能使得二者依赖不冲突，但是我不知道如何查看一个还未安装的python第三方库的依赖库及版本，且不知道这个思路对不对，求大神指教。
https://stackoverflow.com/que...