Hi,
I'm using nRF52832 with SDK 17.0.2. We were using the Snyk Vulnerability Database to scan our code and found issues with the libraries mbedtls, lwip-tcpip and micro-ecc.
mbedtls and lwip-tcpip offered version upgrades to fix the issue, while the micro-ecc issue had no solution.
My questions are:
1) How would I go about and manually upgrade mbedtls and lwip-tcpip libraries in the SDK? Is it a simple matter of overwriting the new libraries on top of the old ones?
2) Since we're not using any sort of encryptions or cryptography we don't really need the micro-cc library. How could I remove it from the code without breaking the compilation of the entire solution?
Thanks,
Eyal