We are currently experiencing an issue with our Airflow Composer service, which is managed by GCP and hosted in an Autopilot Kubernetes cluster. Specifically, we have identified some active vulnerabilities (GKE runtime OS vulnerabilities) associated with this service.

Given the nature of the Autopilot Kubernetes cluster, we are limited in our ability to directly modify the cluster, restricting us to initiating updates only. Despite multiple attempts to upgrade to the latest versions, including unstable versions of Airflow Composer, the vulnerabilities remain unresolved.

Could you please provide guidance or assistance in addressing these vulnerabilities?