build(deps): bump github.com/containerd/containerd from 1.7.29 to 1.7.32 in /src/cloud-api-adaptor

[dependabot]

Bumps github.com/containerd/containerd from 1.7.29 to 1.7.32.

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.32

Welcome to the v1.7.32 release of containerd!

The thirty-second patch release for containerd 1.7 contains various fixes and updates including a security patch.

• containerd

  • CVE-2026-46680

• Allow hosts.toml to contain only root-level fields without an explicit [host] section (#10028)

• Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#13450)

• Apply hardening to block AF_ALG in default socket policy (#13406)

• Support both "volatile" and "fsync=volatile" mount options for volatile snapshotter (#13299)

• Set AppArmor abi conditionally to support versions < 3.0 (#13273)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

• Maksym Pavlenko
• Chris Henzie
• Derek McGowan
• Paweł Gronowski
• Samuel Karp
• Wei Fu
• Brad Davidson
• Brian Goff
• LEI WANG
• Phil Estes

• bc87d865c Prepare release notes for v1.7.32
• oci: return explicit error for out-of-range USER values (#13450)
  • 503f47946 oci: return explicit error for out-of-range USER values
• seccomp: Block AF_ALG in default socket policy (#13406)
  • e55b747d3 seccomp: Block AF_ALG in default socket policy
  • 4627a65f8 seccomp: Document socket rule scope and socketcall limitation
• Fix issue with empty host tree in hosts.toml (#10028)
  • 24007441d Fix error parsing hosts.toml without any host tree
• Support both styles of volatile mount option (#13299)
  • 940733149 Support both styles of volatile mount option
• apparmor: Set abi conditionally (#13273)
  • 2b732c892 apparmor: Set abi conditionally
• Add GitHub Action for k8s node e2e tests (#13258)
  • 0db1e143a Add GitHub Action for k8s node e2e tests
• Update release process after 1.7 (#13236)
  • 3223a75c2 Update for latest updates to release tool

... (truncated)

Commits

• 180a7b7 Merge pull request #13452 from samuelkarp/prepare-1.7.32
• bc87d86 Prepare release notes for v1.7.32
• 6a05ddd Merge pull request #13450 from samuelkarp/oci-withuser-errrange-1.7
• 9c3d01b Merge pull request #13406 from k8s-infra-cherrypick-robot/cherry-pick-13327-t...
• e55b747 seccomp: Block AF_ALG in default socket policy
• 4627a65 seccomp: Document socket rule scope and socketcall limitation
• 33d9e24 Merge pull request #10028 from brandond/fix-hosts-toml
• 503f479 oci: return explicit error for out-of-range USER values
• 4393e22 Merge pull request #13299 from chrishenzie/release/1.7-volatile
• 9407331 Support both styles of volatile mount option
• Additional commits viewable in compare view

---

Note

Medium Risk
Dependency-only change, but it upgrades containerd, which can affect runtime/container behavior and includes security-related fixes; regressions are possible at build or runtime.

Overview
Updates src/cloud-api-adaptor Go dependencies by bumping github.com/containerd/containerd from v1.7.29 to v1.7.32 and refreshing go.sum accordingly.

Also bumps indirect github.com/opencontainers/selinux from v1.13.0 to v1.13.1 as part of the dependency resolution.

^{Reviewed by Cursor Bugbot for commit 1491656. Bugbot is set up for automated code reviews on this repo. Configure here.}