[codecov] Codecov prior to 2.0.16 does not sanitize gcov arguments

This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method.

References

• https://nvd.nist.gov/vuln/detail/CVE-2019-10800
• https://github.com/codecov/codecov-python/commit/2a80aa434f74feb31242b6f213b75ce63ae97902
• https://snyk.io/vuln/SNYK-PYTHON-CODECOV-552149
• https://github.com/advisories/GHSA-h3qr-fjhm-jphw