Bump codecov from 2.0.9 to 2.0.16

[dependabot[bot]]

Bumps codecov from 2.0.9 to 2.0.16.

Changelog

Sourced from codecov's changelog.

2.0.16

• fixed reported command injection vulnerability.

2.0.15

• add -X s3 to disable direct to S3 uploading

2.0.14

• fixed coverage combine

2.0.13

• fix encoding issues

2.0.12

• revert merge commit fix, back to old way

2.0.11

• fix merge commit when it's a pull request
• remove snapci, business closed
• skip vendor directories for gcov parsing
• run coverage combine not merge
• fix report encoding

2.0.10

• fix uploading when reports contain characters outside of latin-1
• remove reduced_redundancy header from

2.0.7

• Add --name/-n to cli
• Add support for Jenkins Blue
• Fix environment variable joining
• Add Greenhouse CI detection
• Fix GitLab detection
• Add default VCS_* environment
• Auto-merge py-coverage
• Remove Xcode processing support, please use bash uploader.
• Support yaml:token and yaml:slug

2.0.5

• Use %20 for encoding spaces [appveyor] codecov/codecov-python#66

2.0.4

... (truncated)

Commits

• 3a8b06b Version 2.0.16
• b2951c0 Merge pull request #231 from codecov/ce-1380
• 2a80aa4 CE-1380_sanitize_args
• 73b1b13 Merge pull request #218 from rly/patch-1
• 80a3fcc Fix broken bitly link in help
• ba51a78 Merge pull request #106 from blueyed/verbose
• 1d5d288 Merge branch 'master' into verbose
• 3502fdd Merge pull request #201 from takluyver/patch-1
• de92d4f Merge pull request #202 from takluyver/patch-2
• 54033d8 Merge pull request #192 from hugovk/add-3.7
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dssg/collate/network/alerts).