diff --git a/changelog/updates/2023-07-08-runc.md b/changelog/updates/2023-07-08-runc.md
new file mode 100644
index 0000000000..1a9fc3e524
--- /dev/null
+++ b/changelog/updates/2023-07-08-runc.md
@@ -0,0 +1 @@
+- runc ([1.1.13](https://github.com/opencontainers/runc/releases/tag/v1.1.13))
diff --git a/changelog/updates/2024-07-05-containerd-1.7.19-update.md b/changelog/updates/2024-07-05-containerd-1.7.19-update.md
new file mode 100644
index 0000000000..766902b639
--- /dev/null
+++ b/changelog/updates/2024-07-05-containerd-1.7.19-update.md
@@ -0,0 +1 @@
+- containerd ([1.7.19](https://github.com/containerd/containerd/releases/tag/v1.7.19))
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest
index 4f233b78aa..95b310bcc7 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/Manifest
@@ -1,4 +1,4 @@
 DIST containerd-1.7.1.tar.gz 9682254 BLAKE2B f168070caf2b76f0be350a98f41bfdbfe6d78344d68821fb92a29f839a6e847d795e5b79436e36f985aa88028ff1c3f44f134cf6bd502ddac22453a457bd952b SHA512 e9b00ba8f4dd1b5b1088060d3822f684611d43b367ddfeb1bee1660140af85f31e9c9bfc600a67e8fc8645a625dc4e1919d9af7291bdeaa607bff7065a4fc945
-DIST containerd-1.7.18.tar.gz 9958128 BLAKE2B be015500dbd23f30b7046cfe717c2af2e66c8119af1b39bda35e2f78c170159851cb8d10a50bfcfb3407ffc011d07788888f7e026b70908667077f5596e43ea0 SHA512 39ecc27246f4f9e9827df2ef52574287b16cb5da0ffd954a4bfa29f063f453ec97feb82cc30ff27410e091ba535c1a941ddd10021256c71021b397eb86024f12
+DIST containerd-1.7.19.tar.gz 10157428 BLAKE2B 3f51d63d4280a11ffe308c3e65df2fefdd91f543169501cf361bb8c6d5085b6b606cc3425508246ce872c86a475e2d195dd2473fee89a47548cfdfbd810307c2 SHA512 cb58bf5148381f9f0eba096e159592f294f887c5b17f8aaf6de8fed80c515abf4f08c849bbbd266dd85ede09fe709bf7d15a61a749f1136456329c47508dbe34
 DIST containerd-1.7.2.tar.gz 9688701 BLAKE2B d31cd0e96bb2675390cc63d06114e37d532b7c666b3ffc5b0087dfcef8de23559471f08bf8a52b164c5f645faf1b8102ab2ccdd8ec417a1c74336097f0c3a899 SHA512 c0d4c02991b7e9fc341c4ef3df2d93097f5854a51b99596ed95436a79f7a586820bb8bb7c17fc43b5f38d97ea942e59490fbbf6c9710391ef9caae3d34627bc5
 DIST containerd-1.7.6.tar.gz 9714550 BLAKE2B 863df1a8ab0f0fe6ec62893ed64824763c1b5230fe830fa268820ce0d6254c79e1ac62ab1261a74785b86b01dff83ea9109a899857fa47a48f2cf2eaf298fea8 SHA512 8b7e13c6ea544754ba7d53092d143f3fd2224b9bc874a33d8a00b781e719927f1b22ad5cd1e35b7b95e4890e630f4b92308549a970587ccdf9dbb8eb470e2703
diff --git a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.18.ebuild b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.19.ebuild
similarity index 94%
rename from sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.18.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.19.ebuild
index 6733ae257a..f14c4be311 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.18.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-containers/containerd/containerd-1.7.19.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=8
 inherit go-module systemd
-GIT_REVISION=cd7148ac666309abf41fd4a49a8a5895b905e7f3
+GIT_REVISION=47fbe7316d3b07c32adaa4277142aeb0d4482f37
 
 DESCRIPTION="A daemon to control runC"
 HOMEPAGE="https://containerd.io/"
@@ -22,7 +22,7 @@ DEPEND="
 # recommended version of runc is found in script/setup/runc-version
 RDEPEND="
 	${DEPEND}
-	~app-containers/runc-1.1.12[apparmor?,seccomp?]
+	~app-containers/runc-1.1.13[apparmor?,seccomp?]
 "
 
 BDEPEND="
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
index d1cf1d76ed..5e216c42b0 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -7,9 +7,9 @@
 # Gentoo upstream package stabilisation
 # (the following packages are "unstable" upstream; we're stabilising these)
 
-=app-containers/containerd-1.7.18 ~amd64 ~arm64 # DO NOT EDIT THIS LINE. Added by containerd-apply-patch.sh on 2024-06-07 08:18:07
+=app-containers/containerd-1.7.19 ~amd64 ~arm64 # DO NOT EDIT THIS LINE. Added by containerd-apply-patch.sh on 2024-07-05 08:17:23
 =app-containers/cri-tools-1.27.0 ~amd64 ~arm64
-=app-containers/runc-1.1.12 ~amd64 ~arm64
+=app-containers/runc-1.1.13 ~amd64 ~arm64
 
 # Seems to be the only available ebuild in portage-stable right now.
 =app-crypt/adcli-0.9.2 ~amd64 ~arm64
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/Manifest b/sdk_container/src/third_party/portage-stable/app-containers/runc/Manifest
index acb6c17123..241b60c0ce 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/Manifest
@@ -1,3 +1,2 @@
 DIST runc-1.1.12.tar.gz 2522196 BLAKE2B 14fe8d5f82d5b4d7f6b4bb9111c5d258e74f6a44aeb51fc87c69104e95b9bf24a3d503f4cc5dedb40d542fbd4b6e27273f456bda4fcf3bc298eb93ae292d9663 SHA512 92e8ac54a77d7ebcc76b5a9cc08d9a064211f12e9d26f064070cc203a5afb11c3af28d8f556f297513f797a2933d50bf10a8f22e307724041d66aa8c5ca1d9d3
-DIST runc-1.1.7.tar.gz 2511464 BLAKE2B 63f09052659636b62185abbb178f7e104d22125190899e80e71ed2ba35567eb855abf786d3c7fff3dd9a1ab43ee282fcaecb6650cd8a1ce49c05acefd7c12cde SHA512 e3a18f04ac2c3553a815074ca64e04cfd71af54d78edbd4a13819f187476f96d7311c23bb63fb5c311b91865db4540985a6f9daa84819b0bac5f023b3b2a832c
-DIST runc-1.1.9.tar.gz 2512231 BLAKE2B 4e8e2a454231492f83de34bf66ba25a02b8925b6ef0af2206cdf4ab3299173d3452cea4d51fcfeb02026df288dd8ca6c44ecd35fb075f25f56fd7bc07f873af7 SHA512 020986f2df49c45394d0acbfa4da62663353004550d9b4409f6cfe8369972a090fb8020e4a05342754bde5c1fbe9fcf3868faed2dceed5d54460c3373cdd2278
+DIST runc-1.1.13.tar.gz 2532849 BLAKE2B f3d3171ffce2bb833bfb5cc21d0dc034fd7e38c47ee098cc1fc75c06fd4dfae21dfe25c2e69a1ca93b29d36e8799727ea41725eee8aca3a059c14dab6c8a435f SHA512 644bf9e6359bf49bbdec667c0f7c69ded78c7eacfc2d1b730d52fdcf7348571c6406b8e5790811fe3662a458c878e4225c3559885f0d95f8905273e7e40e55ad
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.12.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.12.ebuild
index c605e6d0a2..ed23ef215d 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.12.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.12.ebuild
@@ -16,7 +16,7 @@ SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P
 
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
 IUSE="apparmor hardened +kmem +seccomp selinux test"
 
 DEPEND="seccomp? ( sys-libs/libseccomp )"
@@ -42,8 +42,8 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 
 src_compile() {
 	# Taken from app-containers/docker-1.7.0-r1
-	export CGO_CFLAGS="-I${ESYSROOT}/usr/include"
-	export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
+	CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
+	CGO_LDFLAGS+=" $(usex hardened '-fno-PIC ' '')
 		-L${ESYSROOT}/usr/$(get_libdir)"
 
 	# build up optional flags
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.7.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.13.ebuild
similarity index 79%
rename from sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.7.ebuild
rename to sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.13.ebuild
index 01b66cb348..182586a7d2 100644
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.7.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.13.ebuild
@@ -1,12 +1,12 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
 inherit go-module linux-info
 
-# update on bump, look for https://github.com/docker\
-# docker-ce/blob/<docker ver OR branch>/components/engine/hack/dockerfile/install/runc.installer
-RUNC_COMMIT=4ffc61430bbe6d3d405bdf357b766bf303ff3cc5
+# update on bump, look for commit ID on release tag.
+# https://github.com/opencontainers/runc
+RUNC_COMMIT=58aa9203c123022138b22cf96540c284876a7910
 CONFIG_CHECK="~USER_NS"
 
 DESCRIPTION="runc container cli tools"
@@ -16,7 +16,7 @@ SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P
 
 LICENSE="Apache-2.0 BSD-2 BSD MIT"
 SLOT="0"
-KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
 IUSE="apparmor hardened +kmem +seccomp selinux test"
 
 DEPEND="seccomp? ( sys-libs/libseccomp )"
@@ -42,8 +42,8 @@ S="${WORKDIR}/${PN}-${MY_PV}"
 
 src_compile() {
 	# Taken from app-containers/docker-1.7.0-r1
-	export CGO_CFLAGS="-I${ESYSROOT}/usr/include"
-	export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
+	CGO_CFLAGS+=" -I${ESYSROOT}/usr/include"
+	CGO_LDFLAGS+=" $(usex hardened '-fno-PIC ' '')
 		-L${ESYSROOT}/usr/$(get_libdir)"
 
 	# build up optional flags
diff --git a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.9.ebuild b/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.9.ebuild
deleted file mode 100644
index 3d57961864..0000000000
--- a/sdk_container/src/third_party/portage-stable/app-containers/runc/runc-1.1.9.ebuild
+++ /dev/null
@@ -1,78 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-inherit go-module linux-info
-
-# update on bump, look for https://github.com/docker\
-# docker-ce/blob/<docker ver OR branch>/components/engine/hack/dockerfile/install/runc.installer
-RUNC_COMMIT=ccaecfcbc907d70a7aa870a6650887b901b25b82
-CONFIG_CHECK="~USER_NS"
-
-DESCRIPTION="runc container cli tools"
-HOMEPAGE="http://github.com/opencontainers/runc/"
-MY_PV="${PV/_/-}"
-SRC_URI="https://github.com/opencontainers/${PN}/archive/v${MY_PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="Apache-2.0 BSD-2 BSD MIT"
-SLOT="0"
-KEYWORDS="amd64 ~arm arm64 ppc64 ~riscv ~x86"
-IUSE="apparmor hardened +kmem +seccomp selinux test"
-
-DEPEND="seccomp? ( sys-libs/libseccomp )"
-
-RDEPEND="
-	${DEPEND}
-	!app-emulation/docker-runc
-	apparmor? ( sys-libs/libapparmor )
-	selinux? ( sec-policy/selinux-container )
-"
-
-BDEPEND="
-	dev-go/go-md2man
-	test? ( "${RDEPEND}" )
-"
-
-# tests need busybox binary, and portage namespace
-# sandboxing disabled: mount-sandbox pid-sandbox ipc-sandbox
-# majority of tests pass
-RESTRICT+=" test"
-
-S="${WORKDIR}/${PN}-${MY_PV}"
-
-src_compile() {
-	# Taken from app-containers/docker-1.7.0-r1
-	export CGO_CFLAGS="-I${ESYSROOT}/usr/include"
-	export CGO_LDFLAGS="$(usex hardened '-fno-PIC ' '')
-		-L${ESYSROOT}/usr/$(get_libdir)"
-
-	# build up optional flags
-	local options=(
-		$(usev apparmor)
-		$(usev seccomp)
-		$(usex kmem '' 'nokmem')
-	)
-
-	myemakeargs=(
-		BUILDTAGS="${options[*]}"
-		COMMIT="${RUNC_COMMIT}"
-	)
-
-	emake "${myemakeargs[@]}" runc man
-}
-
-src_install() {
-	myemakeargs+=(
-		PREFIX="${ED}/usr"
-		BINDIR="${ED}/usr/bin"
-		MANDIR="${ED}/usr/share/man"
-	)
-	emake "${myemakeargs[@]}" install install-man install-bash
-
-	local DOCS=( README.md PRINCIPLES.md docs/. )
-	einstalldocs
-}
-
-src_test() {
-	emake "${myemakeargs[@]}" localunittest
-}