[BEAM-2068] Pin apitools to 0.5.8

[sb2nov]

Be sure to do all of the following to help us incorporate your contribution
quickly and easily:

• Make sure the PR title is formatted like:
  [BEAM-<Jira issue #>] Description of pull request
• Make sure tests pass via mvn clean verify. (Even better, enable
  Travis-CI on your fork and ensure the whole test matrix passes).
• Replace <Jira issue #> in the title with the actual Jira issue
  number, if there is one.
• If this contribution is large, please file an Apache
  Individual Contributor License Agreement.

---

R: @aaltay PTAL

[aaltay]

Could you add a JIRA issue to upgrade to 0.5.9 and as a warning for what is wrong.

[sb2nov]

R: @aaltay done.

[aaltay]

Should we actually pin all dependencies? We make the assumption that our dependencies would not introduce breaking changes without a major version change but it happens frequently.

[sb2nov]

I don't have strong opinions around this but here are some of my thoughts:

1. We can upgrade at our own pace and can always promise that beam head is stable.

2. Having really strict version pinning makes it hard for users of Beam to always make sure they are using the same versions of the library. So if a user was already using a higher version than us for a library that made safe changes, it'll be annoying for them but I guess if we generally stay up to date with latest versions very few ppl will have that issue.
   Might be worthwhile exploring some sort of version-eye style system to make sure we're upgrading on time.

[aaltay]

Your have valid points. Then at release time we need to ensure that corresponding pieces (e.q. dataflow container) has at least the minimum version of all referenced dependencies.

[aaltay]

LGTM

[sb2nov]

Thanks