Bump pinned @coana-tech/cli to 15.3.24

Author: mtorp

CHANGELOG.md

@@ -5,7 +5,7 @@
 ### Changed: pin @coana-tech/cli version; auto-update is now opt-in
 
 - Reachability analysis now runs a fixed `@coana-tech/cli` version pinned to this CLI release
-  (`15.3.22`) via `npx`, instead of silently pulling the latest published version on every run.
+  (`15.3.24`) via `npx`, instead of silently pulling the latest published version on every run.
   Engine version changes now ride with the Socket Python CLI release (standard `pip` upgrade),
   giving advance notice of analysis-engine changes.
 - The CLI no longer runs `npm install -g @coana-tech/cli`; an existing global install is left

docs/cli-reference.md

@@ -240,7 +240,7 @@ If you don't want to provide the Socket API Token every time then you can use th
 | Parameter                        | Required | Default | Description                                                                                                                |
 |:---------------------------------|:---------|:--------|:---------------------------------------------------------------------------------------------------------------------------|
 | `--reach`                          | False    | False   | Enable reachability analysis to identify which vulnerable functions are actually called by your code. Creates a tier-1 full-application reachability scan (`scan_type=socket_tier1`). |
-| `--reach-version`                  | False    | *pinned* | Version of @coana-tech/cli to use. Defaults to the version pinned to this CLI release (currently `15.3.22`), so the engine only changes when you upgrade the Socket CLI. Pass `latest` to always use the newest published version (opt-in auto-update), or an explicit version (e.g. `1.2.3`) to pin it. |
+| `--reach-version`                  | False    | *pinned* | Version of @coana-tech/cli to use. Defaults to the version pinned to this CLI release (currently `15.3.24`), so the engine only changes when you upgrade the Socket CLI. Pass `latest` to always use the newest published version (opt-in auto-update), or an explicit version (e.g. `1.2.3`) to pin it. |
 | `--reach-analysis-timeout`         | False    | *coana* | Timeout in seconds for the reachability analysis. Omitted by default, so coana applies its own (currently 600s). Alias: `--reach-timeout` |
 | `--reach-analysis-memory-limit`    | False    | *coana* | Memory limit in MB for the reachability analysis. Omitted by default, so coana applies its own (currently 8192). Alias: `--reach-memory-limit` |
 | `--reach-concurrency`              | False    | *coana* | Control parallel analysis execution (must be >= 1). Omitted by default, so coana applies its own (currently 1)             |

socketsecurity/core/tools/reachability.py

@@ -16,7 +16,7 @@
 # Pinned @coana-tech/cli version. Bumped deliberately per Python CLI release so the
 # reachability engine version only changes through a standard pip upgrade (advance notice).
 # Pass --reach-version latest to opt into the newest published version instead.
-DEFAULT_COANA_CLI_VERSION = "15.3.22"
+DEFAULT_COANA_CLI_VERSION = "15.3.24"
 
 
 def _build_caller_user_agent() -> str:
@@ -54,7 +54,7 @@ def _resolve_coana_package_spec(self, version: Optional[str] = None) -> str:
                 - '<semver>': that exact version.
 
         Returns:
-            str: The package specifier to use with npx (e.g. '@coana-tech/cli@15.3.22').
+            str: The package specifier to use with npx (e.g. '@coana-tech/cli@15.3.24').
         """
         return f"@coana-tech/cli@{self._resolve_coana_version(version)}"