diff --git a/go.mod b/go.mod
index 431545f6..67fbd197 100644
--- a/go.mod
+++ b/go.mod
@@ -12,9 +12,9 @@ require (
 	k8s.io/api v0.30.3
 	k8s.io/apimachinery v0.30.3
 	k8s.io/client-go v0.30.3
-	knative.dev/hack v0.0.0-20241223131256-cad8c71aac6f
+	knative.dev/hack v0.0.0-20241227080210-e92a16ae0893
 	knative.dev/pkg v0.0.0-20241223131119-4c901591eb4a
-	knative.dev/serving v0.43.1-0.20241220114912-06281ebc6d81
+	knative.dev/serving v0.43.1-0.20250106182356-0d589da56eb6
 )
 
 require (
diff --git a/go.sum b/go.sum
index f127dbb9..01592514 100644
--- a/go.sum
+++ b/go.sum
@@ -718,14 +718,14 @@ k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 h1:1Wof1cGQgA5pqgo8MxKPtf
 k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8/go.mod h1:Os6V6dZwLNii3vxFpxcNaTmH8LJJBkOTg1N0tOA0fvA=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-knative.dev/hack v0.0.0-20241223131256-cad8c71aac6f h1:oxX1EcylITqArcVb2AdYTD8dPvgx/4+J4YbA1f0QXQg=
-knative.dev/hack v0.0.0-20241223131256-cad8c71aac6f/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY=
+knative.dev/hack v0.0.0-20241227080210-e92a16ae0893 h1:zy7LwNJ2S7obPMHVAtxQgZPXxBTZzoxHbtb6uhxOl7Q=
+knative.dev/hack v0.0.0-20241227080210-e92a16ae0893/go.mod h1:R0ritgYtjLDO9527h5vb5X6gfvt5LCrJ55BNbVDsWiY=
 knative.dev/networking v0.0.0-20241213084654-8b69a35edbf3 h1:nJzte4HE7qkVQ/AEWDgFm+3yOWuRjGcaRacmlD2vu9I=
 knative.dev/networking v0.0.0-20241213084654-8b69a35edbf3/go.mod h1:nhaf+dGDhLRg0ez4Bm8aX79LD3ohZlSCgsGdu5TbRHU=
 knative.dev/pkg v0.0.0-20241223131119-4c901591eb4a h1:31rLKAGHeQEkxMOc/h4XCmHOTiR/1R4NRPvJ3wg05WY=
 knative.dev/pkg v0.0.0-20241223131119-4c901591eb4a/go.mod h1:C2dxK66GlycMOS0SKqv0SMAnWkxsYbG4hkH32Xg1qD0=
-knative.dev/serving v0.43.1-0.20241220114912-06281ebc6d81 h1:UCYaiznNE2iUl5JJzfhtDKH6K25u276k4A1ky2I2k48=
-knative.dev/serving v0.43.1-0.20241220114912-06281ebc6d81/go.mod h1:t4ry8crQ2u732iZdr6nBcOfx9ulNc1uyfS2TeALLOKM=
+knative.dev/serving v0.43.1-0.20250106182356-0d589da56eb6 h1:9lCR3NK5IvJI51B88qU7rwQPj7N6RpIS1ESzBfnphG0=
+knative.dev/serving v0.43.1-0.20250106182356-0d589da56eb6/go.mod h1:t4ry8crQ2u732iZdr6nBcOfx9ulNc1uyfS2TeALLOKM=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/vendor/knative.dev/hack/infra-library.sh b/vendor/knative.dev/hack/infra-library.sh
index 83eacfa6..ba5b1818 100644
--- a/vendor/knative.dev/hack/infra-library.sh
+++ b/vendor/knative.dev/hack/infra-library.sh
@@ -21,7 +21,7 @@ source "$(dirname "${BASH_SOURCE[0]:-$0}")/library.sh"
 
 # Default Kubernetes version to use for GKE, if not overridden with
 # the `--cluster-version` parameter.
-readonly GKE_DEFAULT_CLUSTER_VERSION="1.28"
+readonly GKE_DEFAULT_CLUSTER_VERSION="1.30"
 
 # Dumps the k8s api server metrics. Spins up a proxy, waits a little bit and
 # dumps the metrics to ${ARTIFACTS}/k8s.metrics.txt
diff --git a/vendor/knative.dev/serving/pkg/apis/config/features.go b/vendor/knative.dev/serving/pkg/apis/config/features.go
index 57b0bbe4..79f381d4 100644
--- a/vendor/knative.dev/serving/pkg/apis/config/features.go
+++ b/vendor/knative.dev/serving/pkg/apis/config/features.go
@@ -72,6 +72,7 @@ func defaultFeaturesConfig() *Features {
 		ContainerSpecAddCapabilities:     Disabled,
 		PodSpecTolerations:               Disabled,
 		PodSpecVolumesEmptyDir:           Enabled,
+		PodSpecVolumesHostPath:           Disabled,
 		PodSpecPersistentVolumeClaim:     Disabled,
 		PodSpecPersistentVolumeWrite:     Disabled,
 		QueueProxyMountPodInfo:           Disabled,
@@ -107,6 +108,7 @@ func NewFeaturesConfigFromMap(data map[string]string) (*Features, error) {
 		asFlag("kubernetes.containerspec-addcapabilities", &nc.ContainerSpecAddCapabilities),
 		asFlag("kubernetes.podspec-tolerations", &nc.PodSpecTolerations),
 		asFlag("kubernetes.podspec-volumes-emptydir", &nc.PodSpecVolumesEmptyDir),
+		asFlag("kubernetes.podspec-volumes-hostpath", &nc.PodSpecVolumesHostPath),
 		asFlag("kubernetes.podspec-hostipc", &nc.PodSpecHostIPC),
 		asFlag("kubernetes.podspec-hostpid", &nc.PodSpecHostPID),
 		asFlag("kubernetes.podspec-hostnetwork", &nc.PodSpecHostNetwork),
@@ -151,6 +153,7 @@ type Features struct {
 	ContainerSpecAddCapabilities     Flag
 	PodSpecTolerations               Flag
 	PodSpecVolumesEmptyDir           Flag
+	PodSpecVolumesHostPath           Flag
 	PodSpecInitContainers            Flag
 	PodSpecPersistentVolumeClaim     Flag
 	PodSpecPersistentVolumeWrite     Flag
diff --git a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go
index faff5dba..142d42d3 100644
--- a/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go
+++ b/vendor/knative.dev/serving/pkg/apis/serving/fieldmask.go
@@ -66,6 +66,10 @@ func VolumeSourceMask(ctx context.Context, in *corev1.VolumeSource) *corev1.Volu
 		out.PersistentVolumeClaim = in.PersistentVolumeClaim
 	}
 
+	if cfg.Features.PodSpecVolumesHostPath != config.Disabled {
+		out.HostPath = in.HostPath
+	}
+
 	// Too many disallowed fields to list
 
 	return out
@@ -710,10 +714,12 @@ func SecurityContextMask(ctx context.Context, in *corev1.SecurityContext) *corev
 	// SeccompProfile defaults to "unconstrained", but the safe values are
 	// "RuntimeDefault" or "Localhost" (with localhost path set)
 	out.SeccompProfile = in.SeccompProfile
-
+	// Only allow setting Privileged to false
+	if in.Privileged != nil && !*in.Privileged {
+		out.Privileged = in.Privileged
+	}
 	// Disallowed
 	// This list is unnecessary, but added here for clarity
-	out.Privileged = nil
 	out.SELinuxOptions = nil
 	out.ProcMount = nil
 
diff --git a/vendor/modules.txt b/vendor/modules.txt
index a78cf923..b12c0c9d 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -795,7 +795,7 @@ k8s.io/utils/pointer
 k8s.io/utils/ptr
 k8s.io/utils/strings/slices
 k8s.io/utils/trace
-# knative.dev/hack v0.0.0-20241223131256-cad8c71aac6f
+# knative.dev/hack v0.0.0-20241227080210-e92a16ae0893
 ## explicit; go 1.21
 knative.dev/hack
 # knative.dev/networking v0.0.0-20241213084654-8b69a35edbf3
@@ -838,7 +838,7 @@ knative.dev/pkg/tracing/propagation
 knative.dev/pkg/tracing/propagation/tracecontextb3
 knative.dev/pkg/tracker
 knative.dev/pkg/websocket
-# knative.dev/serving v0.43.1-0.20241220114912-06281ebc6d81
+# knative.dev/serving v0.43.1-0.20250106182356-0d589da56eb6
 ## explicit; go 1.22.7
 knative.dev/serving/pkg/activator
 knative.dev/serving/pkg/apis/autoscaling