Redistributed TK libraries include out of date zlib

[scw]

The copies of zlib included in tkcop.dll and tkezlib.dll rely on the 1.2.13 versions of the package, where the current version is 1.3.1:

Because SWAT and TK don't directly expose the tool which has a critical vulnerability, the high priority CVE isn't directly relevant, but it would still be great to resync so that security scanners and other consumers don't flag the package.

[scw]

Working with SAS support, they closed the internal issue and said this public facing one was the right place to get this issue addressed. Can a contributor to the python-swat package please triage this issue? It is still present in the latest 1.15.0 wheels:

[scw]

@bkemper24 Is this something that can be evaluated for inclusion in a future release?

[bkemper24]

I'm looking into this, but I don't have any information so far.

[scw]

@bkemper24 Thanks for looking into this. I'd love if we could get this addressed in the TK libraries.