Friendly heads up to the community.
Codecov got popped. A malicious actor has been in control of the bash script used to upload code coverage reports to their servers for the past 2 months, i.e. malicious arbitrary code execution in the CI/CD pipelines for their users.
This is a fairly popular tool used in CI/CD pipelines for generating code coverage reports on GitHub. 😬
https://about.codecov.io/security-update/
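
One way a pipeline can limit its exposure to a swapped upload script like the one described above, as an added example that is not part of the original post and not Codecov's own code: check the downloaded script against a SHA-256 pinned in the repository before running it, and run it with a scrubbed environment. The function names and the set of variables kept in the environment are assumptions.

```bash
# Added example: gate a third-party CI script behind a pinned SHA-256.
# sha256_of, verify_pinned and run_pinned are hypothetical helper names.

# Print the SHA-256 of a file using whichever tool the runner provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    echo "no sha256 tool found" >&2
    return 2
  fi
}

# Return 0 only if the file's digest equals the pinned digest,
# 1 on mismatch, 2 if the check itself could not be performed.
verify_pinned() {
  local file="$1" pinned="$2" actual
  [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
  actual=$(sha256_of "$file") || return 2
  # Normalise case so an upper-case pin still matches.
  pinned=$(printf '%s' "$pinned" | tr 'A-F' 'a-f')
  if [ "$actual" != "$pinned" ]; then
    echo "REFUSING to run $file: sha256 $actual != pinned $pinned" >&2
    return 1
  fi
}

# Verify, then run with a scrubbed environment so that CI secrets held in
# environment variables are not visible to the third-party script.
# Assumption: the script only needs PATH and HOME; pass anything else
# it genuinely requires as explicit arguments.
run_pinned() {
  local file="$1" pinned="$2"
  shift 2
  verify_pinned "$file" "$pinned" || return $?
  env -i PATH="$PATH" HOME="${HOME:-/tmp}" bash "$file" "$@"
}

# Usage in a CI step (path and pin are placeholders):
#   run_pinned ./uploader.sh "<sha256 recorded when the script was reviewed>"
```

The pin has to be updated through a reviewed commit whenever the vendor ships a new version of the script, which is the point: a change to the script then shows up as a failed build instead of running silently.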