feat(bootloader): Update micro-ecc version to v1.1

This fix ensures that https://nvd.nist.gov/vuln/detail/CVE-2020-27209 is not reported by the ESP-IDF SBOM tool. Please note that, this CVE was anyways not applicable for ESP32 platform, as the bootloader (user of micro-ecc library) do not perform signing on the device, its only verification that happens in secure-boot-v1 case.
2024-10-05 20:47:46 -04:00 · 2023-09-20 10:39:58 +05:30 · 2023-09-20 10:39:58 +05:30 · a686c20ee5
commit a686c20ee5
parent 925a7310ca
2 changed files with 3 additions and 3 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -30,12 +30,12 @@
 [submodule "components/bootloader/subproject/components/micro-ecc/micro-ecc"]
 	path = components/bootloader/subproject/components/micro-ecc/micro-ecc
 	url = ../../kmackay/micro-ecc.git
-	sbom-version = 1.0
+	sbom-version = 1.1
 	sbom-cpe = cpe:2.3:a:micro-ecc_project:micro-ecc:{}:*:*:*:*:*:*:*
 	sbom-supplier = Person: Ken MacKay
 	sbom-url = https://github.com/kmackay/micro-ecc
 	sbom-description = A small and fast ECDH and ECDSA implementation for 8-bit, 32-bit, and 64-bit processors
-	sbom-hash = d037ec89546fad14b5c4d5456c2e23a71e554966
+	sbom-hash = 24c60e243580c7868f4334a1ba3123481fe1aa48

 [submodule "components/spiffs/spiffs"]
 	path = components/spiffs/spiffs
--- a/components/bootloader/subproject/components/micro-ecc/micro-ecc
+++ b/components/bootloader/subproject/components/micro-ecc/micro-ecc
@ -1 +1 @@
-Subproject commit d037ec89546fad14b5c4d5456c2e23a71e554966
+Subproject commit 24c60e243580c7868f4334a1ba3123481fe1aa48