Add changelog fragment for PR 1659

Author: rodrigobnogueira

CHANGES/1659.bugfix.rst

@@ -0,0 +1,5 @@
+Raise :exc:`ValueError` when a URL's authority (netloc) component contains a
+backslash. Backslashes are not valid in the authority per :rfc:`3986` and create
+SSRF and ACL bypass vulnerabilities when yarl is used alongside WHATWG-compliant
+parsers that convert backslashes to forward slashes
+-- by :user:`rodrigobnogueira`.