upgrade zlib version to 1.2.13, which is the latest release.

[Jackie9527]

Signed-off-by: Jackie9527 80555200+Jackie9527@users.noreply.github.com

[nick-l-o3de]

one thing to caution here, zlib is so base and fundamental to everything that this will potentially cascade to needing to then update many other packages.

Unless something really serious forces us to change zlib, I'd highly recommend against it. Was it a security patch or something?

The situation here is that we distribute it as a static lib, so upgrading the package here will deliver a new static lib, and everything linking to that static lib will now link to the new one (yay!) So you don't need to update other packages even if they depend on zlib - as long as those other packages also deliver as static libs.

However, if there are packages that deliver as dlls or executables, and those packages will pack the contents of the stale zlib into their own dlls and will have older versions even after we ship this.

If we're doing this for some new feature it probably doesn't matter. if we're doing this to solve a real security hole, then we'd need to also issue new versions of the dll or exe distributed libraries in 3p that ingest the old zlib.

• consider updating the spdx license files at the root of the repo, too

the packages I'm aware of that may use and ingest our zlib and ship it as a non-static link would be

• AWS Native SDK (possibly? does it come as lib files or dlls?)
• ASsimp (same question, not sure)
• openimageio/opencolorio (which ingest zlib)
• potentially qt (it ships as dlls)

There may also be others. It really depends on if its a serious security patch that would affect those or if its just new features or somehting.

[nick-l-o3de]

that being said, there's nothing I spy wrong with this.
Its a pity the thing was one of the first packages ever made and didn't have any self tests tho