Retrofit dependency should be updated to patch reported vulnerabilities

[ipat500]

imagekit-java 2.0.0 introduces the new dependency: retrofit version 2.4.0. This is quite an old version (from 2018). 2 CVEs are reported for this version:

• https://nvd.nist.gov/vuln/detail/CVE-2018-1000844 (XML External Entity vulnerability)
• https://nvd.nist.gov/vuln/detail/CVE-2018-1000850 (Directory Traversal vulnerability)

Firstly, retrofit should be updated to the latest version if possible (currently 2.9.0).

Secondly, it would be good to state on this ticket whether imagekit-java version 2.0.0 exposes each of the 2 vulnerabilities, and to provide an explanation describing how imagekit-java is/isn't vulnerable to each one.

[imagekitio]

Fixed in version 2.0.1

[ipat500]

Thank you