There seems to be old packages that are used in the latest version that are reported to have vulnerabilities and should be updated:

• github.com/containerd/containerd v1.5.7 (subject to CVE-2021-43816)

This package is used indirectly according to the go.mod in the master branch of this repo.