build(deps): bump github.com/containerd/containerd/v2 from 2.2.3 to 2.3.1

[dependabot]

Bumps github.com/containerd/containerd/v2 from 2.2.3 to 2.3.1.

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.3.1

Welcome to the v2.3.1 release of containerd!

The first patch release for containerd 2.3 contains various fixes and improvements.

Security Updates

• CVE-2026-46680

Highlights

• Fix bug where failed gRPC plugins were not tolerated when starting listeners (#13390)

Image Storage

• Ensure metadata and mount plugin boltdb files are closed on server shutdown (#13379)

Runtime

• Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#13447)
• Fix sandbox task API endpoints for non-runc runtimes and deprecate task fields in Runc options (#13422)
• Apply hardening to default seccomp socket policy by blocking AF_ALG (#13409)

Snapshotters

• Disable overlayfs "rebase" capability when running in user namespace (#13394)
• Fix transfer plugin error when EROFS differ is configured but mkfs.erofs is unavailable (#13364)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Maksym Pavlenko
• Akihiro Suda
• Derek McGowan
• Paweł Gronowski
• Brian Goff
• Austin Vazquez
• LEI WANG
• Samuel Karp

Changes

• Prepare release notes for v2.3.1 (#13405)
  • 58af96519 Prepare release notes for v2.3.1
  • 8f0b3ca83 Update api to v1.11.1
• oci: return explicit error for out-of-range USER values (#13447)

... (truncated)

Commits

• 64b425c Merge pull request #13405 from AkihiroSuda/prepare-release-2.3.1
• 58af965 Prepare release notes for v2.3.1
• 8f0b3ca Update api to v1.11.1
• 9f8f453 Merge pull request #13447 from samuelkarp/oci-withuser-errrange-2.3
• f822a91 Merge pull request #13444 from dmcgowan/prepare-api-v1.11.1
• da7aef2 Prepare release notes for api/v1.11.1
• a50a704 Merge pull request #13422 from k8s-infra-cherrypick-robot/cherry-pick-13360-t...
• 5282d4e Wire task address and version fields
• e44f5f9 protos: include task API address to CreateTaskRequest
• 85f22f7 Merge pull request #13409 from k8s-infra-cherrypick-robot/cherry-pick-13327-t...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)