chore(deps): bump github.com/containerd/containerd/v2 from 2.2.3 to 2.3.1 in the containerd group

[dependabot]

Bumps the containerd group with 1 update: github.com/containerd/containerd/v2.

Updates github.com/containerd/containerd/v2 from 2.2.3 to 2.3.1

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.3.1

Welcome to the v2.3.1 release of containerd!

The first patch release for containerd 2.3 contains various fixes and improvements.

Security Updates

• CVE-2026-46680

Highlights

• Fix bug where failed gRPC plugins were not tolerated when starting listeners (#13390)

Image Storage

• Ensure metadata and mount plugin boltdb files are closed on server shutdown (#13379)

Runtime

• Fix handling of out-of-range USER values in OCI spec to avoid unexpected username/group lookups (#13447)
• Fix sandbox task API endpoints for non-runc runtimes and deprecate task fields in Runc options (#13422)
• Apply hardening to default seccomp socket policy by blocking AF_ALG (#13409)

Snapshotters

• Disable overlayfs "rebase" capability when running in user namespace (#13394)
• Fix transfer plugin error when EROFS differ is configured but mkfs.erofs is unavailable (#13364)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

• Maksym Pavlenko
• Akihiro Suda
• Derek McGowan
• Paweł Gronowski
• Brian Goff
• Austin Vazquez
• LEI WANG
• Samuel Karp

Changes

• Prepare release notes for v2.3.1 (#13405)
  • 58af96519 Prepare release notes for v2.3.1
  • 8f0b3ca83 Update api to v1.11.1
• oci: return explicit error for out-of-range USER values (#13447)

... (truncated)

Commits

• 64b425c Merge pull request #13405 from AkihiroSuda/prepare-release-2.3.1
• 58af965 Prepare release notes for v2.3.1
• 8f0b3ca Update api to v1.11.1
• 9f8f453 Merge pull request #13447 from samuelkarp/oci-withuser-errrange-2.3
• f822a91 Merge pull request #13444 from dmcgowan/prepare-api-v1.11.1
• da7aef2 Prepare release notes for api/v1.11.1
• a50a704 Merge pull request #13422 from k8s-infra-cherrypick-robot/cherry-pick-13360-t...
• 5282d4e Wire task address and version fields
• e44f5f9 protos: include task API address to CreateTaskRequest
• 85f22f7 Merge pull request #13409 from k8s-infra-cherrypick-robot/cherry-pick-13327-t...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions