feat(bootloader): Update micro-ecc version to v1.1

This fix ensures that https://nvd.nist.gov/vuln/detail/CVE-2020-27209 is not reported by the ESP-IDF SBOM tool. Please note that, this CVE was anyways not applicable for ESP32 platform, as the bootloader (user of micro-ecc library) do not perform signing on the device, its only verification that happens in secure-boot-v1 case.
2025-07-29 18:27:20 +02:00 · 2023-09-20 10:39:58 +05:30
parent e9d442d2b7
commit 7e14e7f5bd
2 changed files with 3 additions and 3 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -34,12 +34,12 @@
 [submodule "components/bootloader/subproject/components/micro-ecc/micro-ecc"]
 	path = components/bootloader/subproject/components/micro-ecc/micro-ecc
 	url = ../../kmackay/micro-ecc.git
-	sbom-version = 1.0
+	sbom-version = 1.1
 	sbom-cpe = cpe:2.3:a:micro-ecc_project:micro-ecc:{}:*:*:*:*:*:*:*
 	sbom-supplier = Person: Ken MacKay
 	sbom-url = https://github.com/kmackay/micro-ecc
 	sbom-description = A small and fast ECDH and ECDSA implementation for 8-bit, 32-bit, and 64-bit processors
-	sbom-hash = d037ec89546fad14b5c4d5456c2e23a71e554966
+	sbom-hash = 24c60e243580c7868f4334a1ba3123481fe1aa48

 [submodule "components/coap/libcoap"]
 	path = components/coap/libcoap
--- a/components/bootloader/subproject/components/micro-ecc/micro-ecc
+++ b/components/bootloader/subproject/components/micro-ecc/micro-ecc