Currently the following dependency has ~24 CVE vulnerabilities and there is a latest version 2.7.2 of it that fixes these issues. Please bump up the version.

<dependency>
  <groupId>com.squareup.retrofit2</groupId>
  <artifactId>converter-jackson</artifactId>
  <version>2.7.2</version>
</dependency>