Vulnerabilities in latest docker image of confluentinc/cp-schema-registry:7.2.0


We are using confluentinc/cp-schema-registry:7.2.0 for one of our projects.
While scanning the confluentinc/cp-schema-registry:7.2.0 with Aquasec Scanner, we are getting a few CVEs:

These CVE are associated with various Java based packages which have high vulnerabilities associated:
CVE-2022-2048 http2-server 9.4.44.v20210927
CVE-2021-22573 google-oauth-client 1.32.1

How are http2-server, google-oauth-client being used in cp-schema-registry.
Would it be possible to update the packages in cp-schema-registry to fixed versions?

Thanks and Regards