jsdevtools / graphql-jsdevtools


[Snyk] Security upgrade codecov from 3.2.0 to 3.7.1 #48

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- |
| medium severity | Command Injection (SNYK-JS-CODECOV-585979) | No | No Known Exploit |

Commit messages

Package name: codecov

The new version differs by 82 commits.
  • 29dd5b6 3.7.1
  • c0711c6 Switch from execSync to execFileSync (#180)
  • 5f6cc62 Bump lodash from 4.17.15 to 4.17.19 (#183)
  • 0c4d7f3 Merge pull request #182 from codecov/update-readme-badges
  • cc5e121 Update depstat image and urls
  • b44b44e Update readme with 400 error info (#181)
  • bb79335 V3.7.0 (#179)
  • 0d7b9b0 Remove `'x-amz-acl': 'public-read'` header (#178)
  • eeff4e1 Bump acorn from 5.7.3 to 5.7.4 (#174)
  • eb8a527 Merge pull request #172 from RoboCafaz/bugfix/codebuild-pr-parser
  • 55d69cd Merge pull request #159 from SaferNodeJS/master
  • ef348ec Verify source version before parsing PR
  • ebe132e 3.6.5
  • 02cf13d [CE-1330] Escaping args (#167)
  • e138efe Merge lastest changes
  • bac0787 v3.6.4
  • 203ff3a Merge pull request #161 from codecov/drazisil-patch-1
  • 696562d Merge pull request #147 from iansu/patch-1
  • 7856231 v3.6.3
  • 96e6d96 Merge pull request #166 from codecov/chore/updates
  • c8ea169 update deps
  • 7c4cdc4 Merge pull request #149 from aiell0/master
  • 62389fa Merge pull request #162 from codecov/dependabot/npm_and_yarn/handlebars-4.5.3
  • 73ae008 Add dependabot config

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
