HACKER Q&A
📣 konha

How do you handle Docker image security updates?


A lot of software today is distributed in the form of Docker images. Often these images are based on minimal base images (like Alpine, Ubuntu etc.). When there is a security update to these base images, the software vendor should pull in these updates and release a new version of their image as well. But most do not. Instead they wait for a new release of their own software to release a new image.

So my question is: How do you mitigate this?

Do you just run the potentially outdated images?

Do you manually recreate images based on the software vendor’s dockerfile (so you can create new images when the base image updates)?

Any other ideas I'm not thinking of?

Curious to hear from your experience.


  👤 yuppie_scum Accepted Answer ✓
Add apt update etc to your in-house Dockerfiles
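The approach in the accepted answer, written out as an added example (not code from the original thread): an in-house Dockerfile that layers the distro's package updates on top of the vendor's image, with a cache-busting build-arg so the update step is not silently skipped by the layer cache on scheduled rebuilds. The image name `vendor/app:1.2.3` and the user name `app` are placeholders, not real values from the page.

```dockerfile
# Placeholder: replace with the vendor's actual image and tag.
ARG VENDOR_IMAGE=vendor/app:1.2.3
FROM ${VENDOR_IMAGE}

# Changing this build-arg (e.g. to today's date) invalidates the layer cache
# from its first use onward, so the upgrade step really runs on each rebuild
# instead of being served from a weeks-old cached layer.
ARG CACHE_BUST=unset

# Package managers need root; many vendor images switch to an unprivileged
# user at the end of their own Dockerfile, so switch back temporarily.
USER root

# Debian/Ubuntu-based image: apply the distro's package updates and drop the
# apt lists so they do not bloat the layer. Alpine-based equivalent:
#   RUN apk upgrade --no-cache
RUN echo "cache-bust=${CACHE_BUST}" \
 && apt-get update \
 && apt-get -y --no-install-recommends upgrade \
 && rm -rf /var/lib/apt/lists/*

# Drop back to the user the vendor image runs as. "app" is an assumed
# placeholder; look the real value up with:
#   docker image inspect --format '{{.Config.User}}' vendor/app:1.2.3
ARG APP_USER=app
USER ${APP_USER}

# ENTRYPOINT and CMD are inherited from the vendor image, so nothing else
# needs to change. Rebuild periodically (cron or CI), for example:
#   docker build --build-arg CACHE_BUST="$(date +%F)" -t app-patched:1.2.3 .
```

This only refreshes packages managed by the distro's package manager; vulnerabilities in the vendor's own application code or in dependencies it bundles (vendored libraries, static binaries) still require a new vendor release, so an image scanner should be run against the rebuilt image to see what remains.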