chore(deps): bump github.com/coder/coder/v2 from 2.30.0 to 2.30.8

[dependabot]

Bumps github.com/coder/coder/v2 from 2.30.0 to 2.30.8.

Release notes

Sourced from github.com/coder/coder/v2's releases.

v2.30.8

Changelog

Bug fixes

• Widen engines.node to include Node.js 24 LTS (#24419, 874f09598d)
• Bump hashicorp/hc-install to v0.9.4 (#24547, dba38c39d9) (@​ethanndickson)
• Bump go-git/go-git/v5 from v5.18.0 to v5.19.0 (CVE-2026-45022) (#25234, 0ab69891d9)
• fix(go.mod): upgrade OTel SDK from v1.39.0 to v1.43.0 (CVE-2026-39883) (#25233, 371506f0bb)
• fix(deps): upgrade gomarkdown/markdown to fix GHSA-77fj-vx54-gvh7 (v2.30.x) (#25235, b9a49482d5)
• Bump Go from 1.25.8 to 1.25.10 (#25232, 0bff6d2320)
• Dashboard: Remove flaky pagination test from WorkspacesPage (#24165, 76402c02f5)
• fix(go.mod): bump goldmark to v1.7.17 to fix CVE-2026-5160 (#25257, ed8b0b311f)
• Upgrade filippo.io/edwards25519 v1.1.0 to v1.1.1 (CVE-2026-26958) (#25261, b1c5b9211f)
• fix(scripts/ironbank): update base image to UBI9 and remove urllib3 (CVE-2026-44431) (#25231, 9a9080b302)
• Server: Harden Azure identity certificate fetch (cherry-pick v2.30) (#25281, af737be587)
• Verify PKCS7 signature on Azure instance identity tokens (backport 2.30) (#25305, 74eba1e8a9)

Compare: v2.30.7...v2.30.8

Container image

• docker pull ghcr.io/coder/coder:2.30.8

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

v2.30.7

Changelog

Performance improvements

• Cap count queries, use native UUID ops for audit/conn logs (backport #23835) (#24133, 77e8bc490)

Chores

• Backport high and critical Iron Bank dependency fixes (#24109, 756cc3a60)

Compare: v2.30.6...v2.30.7

Container image

• docker pull ghcr.io/coder/coder:2.30.7

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

v2.30.6

... (truncated)

Commits

• 74eba1e fix: verify PKCS7 signature on Azure instance identity tokens (backport 2.30)...
• af737be fix(coderd): harden Azure identity certificate fetch (cherry-pick v2.30) (#25...
• 9a9080b fix(scripts/ironbank): update base image to UBI9 and remove urllib3 (CVE-2026...
• b1c5b92 fix: upgrade filippo.io/edwards25519 v1.1.0 to v1.1.1 (CVE-2026-26958) (#25261)
• ed8b0b3 fix(go.mod): bump goldmark to v1.7.17 to fix CVE-2026-5160 (#25257)
• 76402c0 fix(site): remove flaky pagination test from WorkspacesPage (cherry-pick #241...
• 0bff6d2 fix: bump Go from 1.25.8 to 1.25.10 (#25232)
• b9a4948 fix(deps): upgrade gomarkdown/markdown to fix GHSA-77fj-vx54-gvh7 (v2.30.x) (...
• 371506f fix(go.mod): upgrade OTel SDK from v1.39.0 to v1.43.0 (CVE-2026-39883) (#25233)
• 0ab6989 fix: bump go-git/go-git/v5 from v5.18.0 to v5.19.0 (CVE-2026-45022) (#25234)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.