* upstream: (35 commits)
Fixes#1691: added “viewport” meta tag to layout views.
Fixed the issue that query cache returns the same data for the same SQL but different query methods
moved section
subsection added
typo [skip ci]
docs about response
Fixes#1586: `QueryBuilder::buildLikeCondition()` will now escape special characters and use percentage characters by default
docs improved
csrf docs added
Fixes#1685: UrlManager::showScriptName should be set true for tests.
Fixes#1688: ActiveForm is creating duplicated messages in error summary
change back the visibility of findTableNames to protected.
Typo fix.
Fixes#1681: Added support for automatically adjusting the "for" attribute of label generated by `ActiveField::label()`
Simplified tests.
Fixes#1631: Charset is now explicitly set to UTF-8 when serving JSON
Fixed typo
added html layout for mail component in basic app
CS fixes.
Merge branch 'debug_module_improvements' of github.com:Ragazzo/yii2 into Ragazzo-debug_module_improvements
...
* upstream: (21 commits)
Fixes#1643: Added default value for `Captcha::options`
Fixes#1654: Fixed the issue that a new message source object is generated for every new message being translated
Allow dash char in ActionColumn’s button names.
Added SecurityTest.
fixed functional test when enablePrettyUrl is false.
fixed composer.json
minor doc fix.
Fixes#1634: Use masked CSRF tokens to prevent BREACH exploits
Use better random CSRF token.
GII unique indexes avoid autoIncrement columns
updated debug retry params.
Added sleep().
Added unit test for ActiveRecord::updateAttributes().
Fixes#1641: Added `BaseActiveRecord::updateAttributes()`
Fixed#1504: Debug toolbar isn't loaded successfully in some environments when xdebug is enabled
Mongo README.md updated.
Fixes#1611: Added `BaseActiveRecord::markAttributeDirty()`
Number validator was missing
Fixes#1638: prevent table names from being enclosed within curly brackets twice.
Unique indexes rules for single columns into array
...
