Docker – centos:7 kernel-header 3.10.0 vulnerabilities -> what to do?

My client uses a Docker images that has a base image of centos:7 from DockerHub. I noticed that Google Cloud Container registry flagged my latest built images with 17 vulnerabilities that all target the kernel-headers package from CentOs, version 3.10.0.

What are my options ?

Can I just upgrade this package or the kernel while staying on CentOs 7 or do I need to upgrade to version 8 ?
With an upgrade to version 8, are there specific breaking updates I should keep an eye on ?

Thank you guys

Source: Docker Questions