Update CHANGELOG.md for 13.9.7-ee

[ci skip]

CHANGELOG.md

@@ -2,6 +2,18 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
+## 13.9.7 (2021-04-27)
+
+### Security (6 changes)
+
+- Prevent tokens with only read_api scope from executing mutations.
+- Update mermaid to version 8.9.2.
+- Do not allow deploy tokens in the dependency proxy authentication service.
+- Disable keyset pagination for branches by default.
+- Bump Carrierwave gem to v1.3.2.
+- Restrict setting system_note_timestamp to owners.
+
+
 ## 13.9.6 (2021-04-13)
 ### Security (2 changes)

changelogs/unreleased/327155-prevent-mutation-execution-with-read-api-tokens.yml

----
-title: Prevent tokens with only read_api scope from executing mutations
-merge_request:
-author:
-type: security

changelogs/unreleased/mermaid-8-9-2.yml

----
-title: Update mermaid to version 8.9.2
-merge_request:
-author:
-type: security

changelogs/unreleased/security-10io-dependency-proxy-and-deploy-tokens.yml

----
-title: Do not allow deploy tokens in the dependency proxy authentication service
-merge_request:
-author:
-type: security

changelogs/unreleased/security-322500-disable-gitaly-branch-pagination-ff-by-default.yml

----
-title: Disable keyset pagination for branches by default
-merge_request:
-author:
-type: security

changelogs/unreleased/security-bump-carrierwave-to-1-3-2.yml

----
-title: Bump Carrierwave gem to v1.3.2
-merge_request:
-author:
-type: security

changelogs/unreleased/security-disallow-changing-timestamps-on-issue-create-update.yml

----
-title: Restrict setting system_note_timestamp to owners
-merge_request:
-author:
-type: security