Conversation

@derrickaw
Collaborator

  1. Attempts to fix [Task]: Remediate CVE-2024-28397 #31799
  2. Investigated several alternatives including PyMiniRacer, QuickJS, PythonMonkey, Dukpy and several others. PythonMonkey is currently maintained, has a more modern engine using Mozilla's SpiderMonkey engine, has zero known vulnerabilities, etc., so I went with that, since the others were weak in one way or another on those criteria.


@gemini-code-assist
Contributor

Summary of Changes

Hello @derrickaw, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly upgrades the JavaScript execution capabilities within Apache Beam's YAML module by replacing the js2py library with pythonmonkey. This change resolves compatibility issues, particularly with newer Python versions, and leverages a more actively maintained and robust JavaScript engine (Mozilla's SpiderMonkey) to enhance the reliability and security of JavaScript user-defined functions. The refactoring introduces a dedicated class for handling JavaScript callables, streamlining the integration and execution of JavaScript logic within Beam pipelines.

Highlights

  • JavaScript Engine Replacement: Replaced the js2py library with pythonmonkey for executing JavaScript user-defined functions (UDFs) within Apache Beam's YAML module.
  • Improved Compatibility and Maintenance: Addressed limitations of js2py, such as incompatibility with Python 3.12 and lack of active maintenance, by adopting pythonmonkey, which utilizes Mozilla's actively developed SpiderMonkey engine.
  • Refactored JavaScript Callable Handling: Introduced a new JavaScriptCallable class to encapsulate the logic for loading and executing JavaScript functions, supporting expressions, callables, and file-based UDFs.
  • Dependency Update: Updated the setup.py file to remove js2py and include pythonmonkey as a dependency for the yaml extra.
  • Test Migration: Migrated existing unit tests to reflect the change from js2py to pythonmonkey.


Changelog
  • sdks/python/apache_beam/yaml/yaml_mapping.py
    • Replaced js2py import with pythonmonkey.
    • Removed the _CustomJsObjectWrapper class and related js2py specific object conversion logic.
    • Introduced a new JavaScriptCallable class to encapsulate JavaScript function loading and execution.
    • Refactored _expand_javascript_mapping_func to utilize the new JavaScriptCallable and pythonmonkey's eval function.
    • Added _finalize_js_result to coerce pythonmonkey objects to native Python types.
  • sdks/python/apache_beam/yaml/yaml_udf_test.py
    • Updated imports to use pythonmonkey instead of js2py.
    • Modified unittest.skipIf decorators to check for pythonmonkey's presence.
  • sdks/python/setup.py
    • Removed js2py from the apache_beam[yaml] extra dependencies.
    • Added pythonmonkey>=1.3.0 as a dependency for Python versions >= 3.8.
Activity
  • No human activity has been recorded on this pull request yet.


Development

Successfully merging this pull request may close these issues.

[Task]: Remediate CVE-2024-28397
