auto-merge envoyproxy/envoy[release/v1.34] into envoyproxy/envoy-openssl[release/v1.34]

* upstream/release/v1.34:
  repo: Dev v1.34.13

Signed-off-by: jwendell <125759+jwendell@users.noreply.github.com>

Author: jwendell

VERSION.txt

@@ -1 +1 @@
-1.34.12
+1.34.13-dev

changelogs/1.34.12.yaml

@@ -0,0 +1,10 @@
+date: December 10, 2025
+
+bug_fixes:
+- area: dns
+  change: |
+    Update c-ares to version 1.34.6 to resolve CVE-2025-0913.
+
+    Use-after-free in c-ares can crash Envoy via compromised or malfunctioning DNS.
+
+    advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f.

changelogs/current.yaml

@@ -1,10 +1,17 @@
-date: December 10, 2025
+date: Pending
+
+behavior_changes:
+# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
+
+minor_behavior_changes:
+# *Changes that may cause incompatibilities for some users, but should not for most*
 
 bug_fixes:
-- area: dns
-  change: |
-    Update c-ares to version 1.34.6 to resolve CVE-2025-0913.
+# *Changes expected to improve the state of the world and are unlikely to have negative effects*
+
+removed_config_or_runtime:
+# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
 
-    Use-after-free in c-ares can crash Envoy via compromised or malfunctioning DNS.
+new_features:
 
-    advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f.
+deprecated:

changelogs/summary.md

@@ -1,12 +0,0 @@
-**Summary of changes**:
-
-* Security updates:
-
-  Resolve dependency CVEs:
-  - c-ares/CVE-2025-0913:
-      Use after free can crash Envoy due to malfunctioning or compromised DNS.
-
-While a potentially severe bug in some cloud environments, this has limited exploitability
-as any attacker would require control of DNS.
-
-Envoy advisory is here https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f