[Snyk] Security upgrade codecov from 3.1.0 to 3.6.5

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Command Injection SNYK-JS-CODECOV-548879	No	Proof of Concept

Commit messages

Package name: codecov

The new version differs by 70 commits.

• ebe132e 3.6.5
• 02cf13d [CE-1330] Escaping args (#167)
• bac0787 v3.6.4
• 203ff3a Merge pull request #161 from codecov/drazisil-patch-1
• 696562d Merge pull request #147 from iansu/patch-1
• 7856231 v3.6.3
• 96e6d96 Merge pull request #166 from codecov/chore/updates
• c8ea169 update deps
• 7c4cdc4 Merge pull request #149 from aiell0/master
• 62389fa Merge pull request #162 from codecov/dependabot/npm_and_yarn/handlebars-4.5.3
• 73ae008 Add dependabot config
• ccf3862 Update README.md
• fa631c3 v3.6.2
• f429409 Merge pull request #164 from codecov/sanitize-gcov-options
• 2f4eff9 Sanitize gcov-args
• 467a495 Bump handlebars from 4.1.2 to 4.5.3
• 1430de5 Update test
• a30b1f5 Change cirrus-ci to match backend
• 9bde072 Merge pull request #151 from codecov/github-ci-1
• b86eb31 Add workflow
• 8acbe96 Retest
• acd92f4 Test when codebuild isn't triggered by webhooks.
• 6a62759 Add AWS CodeBuild to the list of supported CI providers
• a7014d2 Update README.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic