Possible CodeCov.io Security Issue

[paulzerkel]

Hello,

The Travis pipeline uses the CodeCov.io bash uploader on successful builds. The bash uploader was recently involved in a security incident. This is both a heads up as well as a request to consider removing the CodeCov dependency. If CodeCov is still needed would it be feasible to instead use a static known-good copy of the uploader instead of grabbing latest and executing it?

Thanks!