Possible CodeCov.io Security Issue #144
Description
Hello,
The Travis pipeline uses the CodeCov.io bash uploader on successful builds. The bash uploader was recently involved in a security incident. This is both a heads up as well as a request to consider removing the CodeCov dependency. If CodeCov is still needed would it be feasible to instead use a static known-good copy of the uploader instead of grabbing latest and executing it?
Thanks!