diff --git a/go.mod b/go.mod
index 8be1182b3..ad8bd0d94 100644
--- a/go.mod
+++ b/go.mod
@@ -36,11 +36,11 @@ require (
 	k8s.io/api v0.30.2
 	k8s.io/apimachinery v0.30.2
 	k8s.io/client-go v12.0.0+incompatible
-	k8s.io/cloud-provider v0.30.1
+	k8s.io/cloud-provider v0.30.2
 	k8s.io/klog/v2 v2.120.1
 	k8s.io/kubernetes v1.30.1
-	k8s.io/mount-utils v0.29.3
-	k8s.io/pod-security-admission v0.30.1
+	k8s.io/mount-utils v0.30.2
+	k8s.io/pod-security-admission v0.30.2
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 	sigs.k8s.io/controller-runtime v0.18.4
 )
@@ -175,11 +175,11 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.30.1 // indirect
-	k8s.io/apiserver v0.30.1 // indirect
-	k8s.io/component-base v0.30.1 // indirect
-	k8s.io/component-helpers v0.30.1 // indirect
-	k8s.io/controller-manager v0.30.1 // indirect
-	k8s.io/kms v0.30.1 // indirect
+	k8s.io/apiserver v0.30.2 // indirect
+	k8s.io/component-base v0.30.2 // indirect
+	k8s.io/component-helpers v0.30.2 // indirect
+	k8s.io/controller-manager v0.30.2 // indirect
+	k8s.io/kms v0.30.2 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	k8s.io/kubectl v0.0.0 // indirect
 	k8s.io/kubelet v0.0.0 // indirect
@@ -200,34 +200,34 @@ replace (
 	// k8s.io/kubernetes depends on these k8s.io packages, but unversioned
 	//
 	k8s.io/api => k8s.io/api v0.30.2
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.1
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.2
 	k8s.io/apimachinery => k8s.io/apimachinery v0.30.2
-	k8s.io/apiserver => k8s.io/apiserver v0.30.1
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.30.1
-	k8s.io/client-go => k8s.io/client-go v0.30.1
-	k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.1
-	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.30.1
-	k8s.io/code-generator => k8s.io/code-generator v0.30.1
-	k8s.io/component-base => k8s.io/component-base v0.30.1
-	k8s.io/component-helpers => k8s.io/component-helpers v0.30.1
-	k8s.io/controller-manager => k8s.io/controller-manager v0.30.1
-	k8s.io/cri-api => k8s.io/cri-api v0.30.1
-	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.1
-	k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.1
-	k8s.io/endpointslice => k8s.io/endpointslice v0.30.1
-	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.1
-	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.1
-	k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.1
-	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.1
-	k8s.io/kubectl => k8s.io/kubectl v0.30.1
-	k8s.io/kubelet => k8s.io/kubelet v0.30.1
-	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.1
-	k8s.io/metrics => k8s.io/metrics v0.30.1
+	k8s.io/apiserver => k8s.io/apiserver v0.30.2
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.30.2
+	k8s.io/client-go => k8s.io/client-go v0.30.2
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.2
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.30.2
+	k8s.io/code-generator => k8s.io/code-generator v0.30.2
+	k8s.io/component-base => k8s.io/component-base v0.30.2
+	k8s.io/component-helpers => k8s.io/component-helpers v0.30.2
+	k8s.io/controller-manager => k8s.io/controller-manager v0.30.2
+	k8s.io/cri-api => k8s.io/cri-api v0.30.2
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.2
+	k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.2
+	k8s.io/endpointslice => k8s.io/endpointslice v0.30.2
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.2
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.2
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.2
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.2
+	k8s.io/kubectl => k8s.io/kubectl v0.30.2
+	k8s.io/kubelet => k8s.io/kubelet v0.30.2
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.2
+	k8s.io/metrics => k8s.io/metrics v0.30.2
 
 	// TODO: replace with latest once https://github.com/ceph/ceph-csi/issues/4633 is fixed
 	k8s.io/mount-utils => k8s.io/mount-utils v0.29.3
-	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.1
-	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.1
+	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.2
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.2
 	// layeh.com seems to be misbehaving
 	layeh.com/radius => github.com/layeh/radius v0.0.0-20190322222518-890bc1058917
 )
diff --git a/go.sum b/go.sum
index 1022e4198..00a143863 100644
--- a/go.sum
+++ b/go.sum
@@ -2611,25 +2611,25 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las=
 k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI=
 k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI=
-k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws=
-k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4=
+k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE=
+k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw=
 k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg=
 k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
-k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8=
-k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo=
-k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q=
-k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc=
-k8s.io/cloud-provider v0.30.1 h1:OslHpog97zG9Kr7/vV1ki8nLKq8xTPUkN/kepCxBqKI=
-k8s.io/cloud-provider v0.30.1/go.mod h1:1uZp+FSskXQoeAAIU91/XCO8X/9N1U3z5usYeSLT4MI=
-k8s.io/code-generator v0.30.1/go.mod h1:hFgxRsvOUg79mbpbVKfjJvRhVz1qLoe40yZDJ/hwRH4=
-k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ=
-k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI=
-k8s.io/component-helpers v0.30.1 h1:/UcxSLzZ0owluTE2WMDrFfZl2L+WVXKdYYYm68qnH7U=
-k8s.io/component-helpers v0.30.1/go.mod h1:b1Xk27UJ3p/AmPqDx7khrnSxrdwQy9gTP7O1y6MZ6rg=
-k8s.io/controller-manager v0.30.1 h1:vrpfinHQWGf40U08Zmrt+QxK/2yTgjJl/9DKtjaB1gI=
-k8s.io/controller-manager v0.30.1/go.mod h1:8rTEPbn8LRKC/vS+If+JAKBfsftCfTMaF8/n4SJC+PQ=
-k8s.io/csi-translation-lib v0.30.1 h1:fIBtNMQjyr7HFv3xGSSH9cWOQS1K1kIBmZ1zRsHuVKs=
-k8s.io/csi-translation-lib v0.30.1/go.mod h1:l0HrIBIxUKRvqnNWqn6AXTYgUa2mAFLT6bjo1lU+55U=
+k8s.io/apiserver v0.30.2 h1:ACouHiYl1yFI2VFI3YGM+lvxgy6ir4yK2oLOsLI1/tw=
+k8s.io/apiserver v0.30.2/go.mod h1:BOTdFBIch9Sv0ypSEcUR6ew/NUFGocRFNl72Ra7wTm8=
+k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50=
+k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs=
+k8s.io/cloud-provider v0.30.2 h1:yov6r02v7sMUNNvzEz51LtL2krn2c1wsC+dy/8BxKQI=
+k8s.io/cloud-provider v0.30.2/go.mod h1:w69t2dSjDtI9BYK6SEqj6HmMKIojEk08fXRoUzjFN2I=
+k8s.io/code-generator v0.30.2/go.mod h1:RQP5L67QxqgkVquk704CyvWFIq0e6RCMmLTXxjE8dVA=
+k8s.io/component-base v0.30.2 h1:pqGBczYoW1sno8q9ObExUqrYSKhtE5rW3y6gX88GZII=
+k8s.io/component-base v0.30.2/go.mod h1:yQLkQDrkK8J6NtP+MGJOws+/PPeEXNpwFixsUI7h/OE=
+k8s.io/component-helpers v0.30.2 h1:kDMYLiWEYeWU7H6jBI+Ua1i2hqNh0DzqDHNIppFC3po=
+k8s.io/component-helpers v0.30.2/go.mod h1:tI0anfS6AbRqooaICkGg7UVAQLedOauVSQW9srDBnJw=
+k8s.io/controller-manager v0.30.2 h1:tC7V7IdGUW2I4de3bXx4m2fS3naP7VlCYlECCajK9fU=
+k8s.io/controller-manager v0.30.2/go.mod h1:CYltIHGhCgldEkXT5vS2JHCCWM1WyBI4kA2UfP9cZvY=
+k8s.io/csi-translation-lib v0.30.2 h1:ZcFVMWDHg7feW3mtdl+xClgmw1Yxv7m9ysOKt8h3K8Y=
+k8s.io/csi-translation-lib v0.30.2/go.mod h1:jFT8vquP6eSDUwDHk0mKT6uKFWlZp60ecUEUhmlGsOY=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8=
 k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
@@ -2639,22 +2639,22 @@ k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
 k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kms v0.30.1 h1:gEIbEeCbFiaN2tNfp/EUhFdGr5/CSj8Eyq6Mkr7cCiY=
-k8s.io/kms v0.30.1/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4=
+k8s.io/kms v0.30.2 h1:VSZILO/tkzrz5Tu2j+yFQZ2Dc5JerQZX2GqhFJbQrfw=
+k8s.io/kms v0.30.2/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4=
 k8s.io/kube-openapi v0.0.0-20180731170545-e3762e86a74c/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc=
 k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/kubectl v0.30.1 h1:sHFIRI3oP0FFZmBAVEE8ErjnTyXDPkBcvO88mH9RjuY=
-k8s.io/kubectl v0.30.1/go.mod h1:7j+L0Cc38RYEcx+WH3y44jRBe1Q1jxdGPKkX0h4iDq0=
-k8s.io/kubelet v0.30.1 h1:6gS1gWjrefUGfC/9n0ITOzxnKyt89FfkIhom70Bola4=
-k8s.io/kubelet v0.30.1/go.mod h1:5IUeAt3YlIfLNdT/YfRuCCONfEefm7qfcqz81b002Z8=
+k8s.io/kubectl v0.30.2 h1:cgKNIvsOiufgcs4yjvgkK0+aPCfa8pUwzXdJtkbhsH8=
+k8s.io/kubectl v0.30.2/go.mod h1:rz7GHXaxwnigrqob0lJsiA07Df8RE3n1TSaC2CTeuB4=
+k8s.io/kubelet v0.30.2 h1:Ck4E/pHndI20IzDXxS57dElhDGASPO5pzXF7BcKfmCY=
+k8s.io/kubelet v0.30.2/go.mod h1:DSwwTbLQmdNkebAU7ypIALR4P9aXZNFwgRmedojUE94=
 k8s.io/kubernetes v1.30.1 h1:XlqS6KslLEA5mQzLK2AJrhr4Z1m8oJfkhHiWJ5lue+I=
 k8s.io/kubernetes v1.30.1/go.mod h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0=
 k8s.io/mount-utils v0.29.3 h1:iEcqPP7Vv8UClH8nnMfovtmy/04fIloRW9JuSXykoZ0=
 k8s.io/mount-utils v0.29.3/go.mod h1:9IWJTMe8tG0MYMLEp60xK9GYVeCdA3g4LowmnVi+t9Y=
-k8s.io/pod-security-admission v0.30.1 h1:r2NQSNXfnZDnm6KvLv1sYgai1ZXuO+m0qn11/Xymkf8=
-k8s.io/pod-security-admission v0.30.1/go.mod h1:O5iry5U8N0CvtfI5kfe0CZ0Ct/KYj057j6Pa+QIwp24=
+k8s.io/pod-security-admission v0.30.2 h1:UlHnkvvOr+rgQplOqD+SHzLUF8EgKIOCpDU8kaMeTQQ=
+k8s.io/pod-security-admission v0.30.2/go.mod h1:gMUJUG9zOgNBk0VIz5BS7uIYiYPEoXkBSeHh6rG2m8c=
 k8s.io/utils v0.0.0-20190506122338-8fab8cb257d5/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/compile.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/compile.go
index b7b589d27..bb5e233d4 100644
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/compile.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/compile.go
@@ -222,40 +222,48 @@ func (c compiler) CompileCELExpression(expressionAccessor ExpressionAccessor, op
 func mustBuildEnvs(baseEnv *environment.EnvSet) variableDeclEnvs {
 	requestType := BuildRequestType()
 	namespaceType := BuildNamespaceType()
-	envs := make(variableDeclEnvs, 4) // since the number of variable combinations is small, pre-build a environment for each
+	envs := make(variableDeclEnvs, 8) // since the number of variable combinations is small, pre-build a environment for each
 	for _, hasParams := range []bool{false, true} {
 		for _, hasAuthorizer := range []bool{false, true} {
-			var envOpts []cel.EnvOption
-			if hasParams {
-				envOpts = append(envOpts, cel.Variable(ParamsVarName, cel.DynType))
-			}
-			if hasAuthorizer {
+			for _, strictCost := range []bool{false, true} {
+				var envOpts []cel.EnvOption
+				if hasParams {
+					envOpts = append(envOpts, cel.Variable(ParamsVarName, cel.DynType))
+				}
+				if hasAuthorizer {
+					envOpts = append(envOpts,
+						cel.Variable(AuthorizerVarName, library.AuthorizerType),
+						cel.Variable(RequestResourceAuthorizerVarName, library.ResourceCheckType))
+				}
 				envOpts = append(envOpts,
-					cel.Variable(AuthorizerVarName, library.AuthorizerType),
-					cel.Variable(RequestResourceAuthorizerVarName, library.ResourceCheckType))
-			}
-			envOpts = append(envOpts,
-				cel.Variable(ObjectVarName, cel.DynType),
-				cel.Variable(OldObjectVarName, cel.DynType),
-				cel.Variable(NamespaceVarName, namespaceType.CelType()),
-				cel.Variable(RequestVarName, requestType.CelType()))
+					cel.Variable(ObjectVarName, cel.DynType),
+					cel.Variable(OldObjectVarName, cel.DynType),
+					cel.Variable(NamespaceVarName, namespaceType.CelType()),
+					cel.Variable(RequestVarName, requestType.CelType()))
 
-			extended, err := baseEnv.Extend(
-				environment.VersionedOptions{
-					// Feature epoch was actually 1.26, but we artificially set it to 1.0 because these
-					// options should always be present.
-					IntroducedVersion: version.MajorMinor(1, 0),
-					EnvOptions:        envOpts,
-					DeclTypes: []*apiservercel.DeclType{
-						namespaceType,
-						requestType,
+				extended, err := baseEnv.Extend(
+					environment.VersionedOptions{
+						// Feature epoch was actually 1.26, but we artificially set it to 1.0 because these
+						// options should always be present.
+						IntroducedVersion: version.MajorMinor(1, 0),
+						EnvOptions:        envOpts,
+						DeclTypes: []*apiservercel.DeclType{
+							namespaceType,
+							requestType,
+						},
 					},
-				},
-			)
-			if err != nil {
-				panic(fmt.Sprintf("environment misconfigured: %v", err))
+				)
+				if err != nil {
+					panic(fmt.Sprintf("environment misconfigured: %v", err))
+				}
+				if strictCost {
+					extended, err = extended.Extend(environment.StrictCostOpt)
+					if err != nil {
+						panic(fmt.Sprintf("environment misconfigured: %v", err))
+					}
+				}
+				envs[OptionalVariableDeclarations{HasParams: hasParams, HasAuthorizer: hasAuthorizer, StrictCost: strictCost}] = extended
 			}
-			envs[OptionalVariableDeclarations{HasParams: hasParams, HasAuthorizer: hasAuthorizer}] = extended
 		}
 	}
 	return envs
diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/interface.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/interface.go
index c9f4e6336..ae61dc826 100644
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/interface.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/cel/interface.go
@@ -57,10 +57,12 @@ type OptionalVariableDeclarations struct {
 	// HasParams specifies if the "params" variable is declared.
 	// The "params" variable may still be bound to "null" when declared.
 	HasParams bool
-	// HasAuthorizer specifies if the"authorizer" and "authorizer.requestResource"
+	// HasAuthorizer specifies if the "authorizer" and "authorizer.requestResource"
 	// variables are declared. When declared, the authorizer variables are
 	// expected to be non-null.
 	HasAuthorizer bool
+	// StrictCost specifies if the CEL cost limitation is strict for extended libraries as well as native libraries.
+	StrictCost bool
 }
 
 // FilterCompiler contains a function to assist with converting types and values to/from CEL-typed values.
diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/plugin.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/plugin.go
index c286cffbd..fb097737a 100644
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/plugin.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/plugin.go
@@ -31,6 +31,7 @@ import (
 	"k8s.io/apiserver/pkg/authorization/authorizer"
 	"k8s.io/apiserver/pkg/cel/environment"
 	"k8s.io/apiserver/pkg/features"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
@@ -43,13 +44,21 @@ const (
 )
 
 var (
-	compositionEnvTemplate *cel.CompositionEnv = func() *cel.CompositionEnv {
-		compositionEnvTemplate, err := cel.NewCompositionEnv(cel.VariablesTypeName, environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion()))
+	compositionEnvTemplateWithStrictCost *cel.CompositionEnv = func() *cel.CompositionEnv {
+		compositionEnvTemplateWithStrictCost, err := cel.NewCompositionEnv(cel.VariablesTypeName, environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion(), true))
 		if err != nil {
 			panic(err)
 		}
 
-		return compositionEnvTemplate
+		return compositionEnvTemplateWithStrictCost
+	}()
+	compositionEnvTemplateWithoutStrictCost *cel.CompositionEnv = func() *cel.CompositionEnv {
+		compositionEnvTemplateWithoutStrictCost, err := cel.NewCompositionEnv(cel.VariablesTypeName, environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion(), false))
+		if err != nil {
+			panic(err)
+		}
+
+		return compositionEnvTemplateWithoutStrictCost
 	}()
 )
 
@@ -114,12 +123,18 @@ func compilePolicy(policy *Policy) Validator {
 	if policy.Spec.ParamKind != nil {
 		hasParam = true
 	}
-	optionalVars := cel.OptionalVariableDeclarations{HasParams: hasParam, HasAuthorizer: true}
-	expressionOptionalVars := cel.OptionalVariableDeclarations{HasParams: hasParam, HasAuthorizer: false}
+	strictCost := utilfeature.DefaultFeatureGate.Enabled(features.StrictCostEnforcementForVAP)
+	optionalVars := cel.OptionalVariableDeclarations{HasParams: hasParam, HasAuthorizer: true, StrictCost: strictCost}
+	expressionOptionalVars := cel.OptionalVariableDeclarations{HasParams: hasParam, HasAuthorizer: false, StrictCost: strictCost}
 	failurePolicy := policy.Spec.FailurePolicy
 	var matcher matchconditions.Matcher = nil
 	matchConditions := policy.Spec.MatchConditions
-
+	var compositionEnvTemplate *cel.CompositionEnv
+	if strictCost {
+		compositionEnvTemplate = compositionEnvTemplateWithStrictCost
+	} else {
+		compositionEnvTemplate = compositionEnvTemplateWithoutStrictCost
+	}
 	filterCompiler := cel.NewCompositedCompilerFromTemplate(compositionEnvTemplate)
 	filterCompiler.CompileAndStoreVariables(convertv1beta1Variables(policy.Spec.Variables), optionalVars, environment.StoredExpressions)
 
diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/typechecking.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/typechecking.go
index 16184b4ba..192be9621 100644
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/typechecking.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/policy/validating/typechecking.go
@@ -39,6 +39,8 @@ import (
 	"k8s.io/apiserver/pkg/cel/library"
 	"k8s.io/apiserver/pkg/cel/openapi"
 	"k8s.io/apiserver/pkg/cel/openapi/resolver"
+	"k8s.io/apiserver/pkg/features"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/klog/v2"
 )
 
@@ -210,6 +212,7 @@ func (c *TypeChecker) CheckExpression(ctx *TypeCheckingContext, expression strin
 		options := plugincel.OptionalVariableDeclarations{
 			HasParams:     ctx.paramDeclType != nil,
 			HasAuthorizer: true,
+			StrictCost:    utilfeature.DefaultFeatureGate.Enabled(features.StrictCostEnforcementForVAP),
 		}
 		compiler.CompileAndStoreVariables(convertv1beta1Variables(ctx.variables), options, environment.StoredExpressions)
 		result := compiler.CompileCELExpression(celExpression(expression), options, environment.StoredExpressions)
@@ -391,7 +394,7 @@ func (c *TypeChecker) tryRefreshRESTMapper() {
 }
 
 func buildEnvSet(hasParams bool, hasAuthorizer bool, types typeOverwrite) (*environment.EnvSet, error) {
-	baseEnv := environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion())
+	baseEnv := environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion(), utilfeature.DefaultFeatureGate.Enabled(features.StrictCostEnforcementForVAP))
 	requestType := plugincel.BuildRequestType()
 	namespaceType := plugincel.BuildNamespaceType()
 
diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors.go
index e60d245a6..f23580cc0 100644
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors.go
@@ -27,6 +27,8 @@ import (
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/namespace"
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/object"
 	"k8s.io/apiserver/pkg/cel/environment"
+	"k8s.io/apiserver/pkg/features"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	webhookutil "k8s.io/apiserver/pkg/util/webhook"
 	"k8s.io/client-go/rest"
 )
@@ -139,11 +141,16 @@ func (m *mutatingWebhookAccessor) GetCompiledMatcher(compiler cel.FilterCompiler
 				Expression: matchCondition.Expression,
 			}
 		}
+		strictCost := false
+		if utilfeature.DefaultFeatureGate.Enabled(features.StrictCostEnforcementForWebhooks) {
+			strictCost = true
+		}
 		m.compiledMatcher = matchconditions.NewMatcher(compiler.Compile(
 			expressions,
 			cel.OptionalVariableDeclarations{
 				HasParams:     false,
 				HasAuthorizer: true,
+				StrictCost:    strictCost,
 			},
 			environment.StoredExpressions,
 		), m.FailurePolicy, "webhook", "admit", m.Name)
@@ -267,11 +274,16 @@ func (v *validatingWebhookAccessor) GetCompiledMatcher(compiler cel.FilterCompil
 				Expression: matchCondition.Expression,
 			}
 		}
+		strictCost := false
+		if utilfeature.DefaultFeatureGate.Enabled(features.StrictCostEnforcementForWebhooks) {
+			strictCost = true
+		}
 		v.compiledMatcher = matchconditions.NewMatcher(compiler.Compile(
 			expressions,
 			cel.OptionalVariableDeclarations{
 				HasParams:     false,
 				HasAuthorizer: true,
+				StrictCost:    strictCost,
 			},
 			environment.StoredExpressions,
 		), v.FailurePolicy, "webhook", "validating", v.Name)
diff --git a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go
index 6a513f1c1..f067b3f72 100644
--- a/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go
+++ b/vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go
@@ -21,7 +21,6 @@ import (
 	"fmt"
 	"io"
 
-	admissionmetrics "k8s.io/apiserver/pkg/admission/metrics"
 	"k8s.io/klog/v2"
 
 	admissionv1 "k8s.io/api/admission/v1"
@@ -31,6 +30,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apiserver/pkg/admission"
 	genericadmissioninit "k8s.io/apiserver/pkg/admission/initializer"
+	admissionmetrics "k8s.io/apiserver/pkg/admission/metrics"
 	"k8s.io/apiserver/pkg/admission/plugin/cel"
 	"k8s.io/apiserver/pkg/admission/plugin/webhook"
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/config"
@@ -39,6 +39,8 @@ import (
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/predicates/rules"
 	"k8s.io/apiserver/pkg/authorization/authorizer"
 	"k8s.io/apiserver/pkg/cel/environment"
+	"k8s.io/apiserver/pkg/features"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	webhookutil "k8s.io/apiserver/pkg/util/webhook"
 	"k8s.io/client-go/informers"
 	clientset "k8s.io/client-go/kubernetes"
@@ -100,7 +102,7 @@ func NewWebhook(handler *admission.Handler, configFile io.Reader, sourceFactory
 		namespaceMatcher: &namespace.Matcher{},
 		objectMatcher:    &object.Matcher{},
 		dispatcher:       dispatcherFactory(&cm),
-		filterCompiler:   cel.NewFilterCompiler(environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion())),
+		filterCompiler:   cel.NewFilterCompiler(environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion(), utilfeature.DefaultFeatureGate.Enabled(features.StrictCostEnforcementForWebhooks))),
 	}, nil
 }
 
diff --git a/vendor/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go b/vendor/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go
index 35ee8a450..471eb4a74 100644
--- a/vendor/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/apiserver/validation/validation.go
@@ -91,7 +91,8 @@ func CompileAndValidateJWTAuthenticator(authenticator api.JWTAuthenticator, disa
 func validateJWTAuthenticator(authenticator api.JWTAuthenticator, fldPath *field.Path, disallowedIssuers sets.Set[string], structuredAuthnFeatureEnabled bool) (authenticationcel.CELMapper, field.ErrorList) {
 	var allErrs field.ErrorList
 
-	compiler := authenticationcel.NewCompiler(environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion()))
+	// strictCost is set to true which enables the strict cost for CEL validation.
+	compiler := authenticationcel.NewCompiler(environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion(), true))
 	state := &validationState{}
 
 	allErrs = append(allErrs, validateIssuer(authenticator.Issuer, disallowedIssuers, fldPath.Child("issuer"))...)
@@ -722,7 +723,8 @@ func compileMatchConditions(matchConditions []api.WebhookMatchCondition, fldPath
 		return nil, allErrs
 	}
 
-	compiler := authorizationcel.NewCompiler(environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion()))
+	// strictCost is set to true which enables the strict cost for CEL validation.
+	compiler := authorizationcel.NewCompiler(environment.MustBaseEnvSet(environment.DefaultCompatibilityVersion(), true))
 	seenExpressions := sets.NewString()
 	var compilationResults []authorizationcel.CompilationResult
 
diff --git a/vendor/k8s.io/apiserver/pkg/cel/environment/base.go b/vendor/k8s.io/apiserver/pkg/cel/environment/base.go
index c108bdd64..2cea83c2e 100644
--- a/vendor/k8s.io/apiserver/pkg/cel/environment/base.go
+++ b/vendor/k8s.io/apiserver/pkg/cel/environment/base.go
@@ -46,7 +46,9 @@ func DefaultCompatibilityVersion() *version.Version {
 	return version.MajorMinor(1, 29)
 }
 
-var baseOpts = []VersionedOptions{
+var baseOpts = append(baseOptsWithoutStrictCost, StrictCostOpt)
+
+var baseOptsWithoutStrictCost = []VersionedOptions{
 	{
 		// CEL epoch was actually 1.23, but we artificially set it to 1.0 because these
 		// options should always be present.
@@ -132,6 +134,14 @@ var baseOpts = []VersionedOptions{
 	},
 }
 
+var StrictCostOpt = VersionedOptions{
+	// This is to configure the cost calculation for extended libraries
+	IntroducedVersion: version.MajorMinor(1, 0),
+	ProgramOptions: []cel.ProgramOption{
+		cel.CostTracking(&library.CostEstimator{}),
+	},
+}
+
 // MustBaseEnvSet returns the common CEL base environments for Kubernetes for Version, or panics
 // if the version is nil, or does not have major and minor components.
 //
@@ -141,7 +151,8 @@ var baseOpts = []VersionedOptions{
 // The returned environment contains no CEL variable definitions or custom type declarations and
 // should be extended to construct environments with the appropriate variable definitions,
 // type declarations and any other needed configuration.
-func MustBaseEnvSet(ver *version.Version) *EnvSet {
+// strictCost is used to determine whether to enforce strict cost calculation for CEL expressions.
+func MustBaseEnvSet(ver *version.Version, strictCost bool) *EnvSet {
 	if ver == nil {
 		panic("version must be non-nil")
 	}
@@ -149,19 +160,33 @@ func MustBaseEnvSet(ver *version.Version) *EnvSet {
 		panic(fmt.Sprintf("version must contain an major and minor component, but got: %s", ver.String()))
 	}
 	key := strconv.FormatUint(uint64(ver.Major()), 10) + "." + strconv.FormatUint(uint64(ver.Minor()), 10)
-	if entry, ok := baseEnvs.Load(key); ok {
-		return entry.(*EnvSet)
+	var entry interface{}
+	if strictCost {
+		if entry, ok := baseEnvs.Load(key); ok {
+			return entry.(*EnvSet)
+		}
+		entry, _, _ = baseEnvsSingleflight.Do(key, func() (interface{}, error) {
+			entry := mustNewEnvSet(ver, baseOpts)
+			baseEnvs.Store(key, entry)
+			return entry, nil
+		})
+	} else {
+		if entry, ok := baseEnvsWithOption.Load(key); ok {
+			return entry.(*EnvSet)
+		}
+		entry, _, _ = baseEnvsWithOptionSingleflight.Do(key, func() (interface{}, error) {
+			entry := mustNewEnvSet(ver, baseOptsWithoutStrictCost)
+			baseEnvsWithOption.Store(key, entry)
+			return entry, nil
+		})
 	}
 
-	entry, _, _ := baseEnvsSingleflight.Do(key, func() (interface{}, error) {
-		entry := mustNewEnvSet(ver, baseOpts)
-		baseEnvs.Store(key, entry)
-		return entry, nil
-	})
 	return entry.(*EnvSet)
 }
 
 var (
-	baseEnvs             = sync.Map{}
-	baseEnvsSingleflight = &singleflight.Group{}
+	baseEnvs                       = sync.Map{}
+	baseEnvsWithOption             = sync.Map{}
+	baseEnvsSingleflight           = &singleflight.Group{}
+	baseEnvsWithOptionSingleflight = &singleflight.Group{}
 )
diff --git a/vendor/k8s.io/apiserver/pkg/features/kube_features.go b/vendor/k8s.io/apiserver/pkg/features/kube_features.go
index dbd41b8c5..bae04d954 100644
--- a/vendor/k8s.io/apiserver/pkg/features/kube_features.go
+++ b/vendor/k8s.io/apiserver/pkg/features/kube_features.go
@@ -220,6 +220,24 @@ const (
 	// if the generated name conflicts with an existing resource name, up to a maximum number of 7 retries.
 	RetryGenerateName featuregate.Feature = "RetryGenerateName"
 
+	// owner: @cici37
+	// alpha: v1.30
+	//
+	// StrictCostEnforcementForVAP is used to apply strict CEL cost validation for ValidatingAdmissionPolicy.
+	// It will be set to off by default for certain time of period to prevent the impact on the existing users.
+	// It is strongly recommended to enable this feature gate as early as possible.
+	// The strict cost is specific for the extended libraries whose cost defined under k8s/apiserver/pkg/cel/library.
+	StrictCostEnforcementForVAP featuregate.Feature = "StrictCostEnforcementForVAP"
+
+	// owner: @cici37
+	// alpha: v1.30
+	//
+	// StrictCostEnforcementForWebhooks is used to apply strict CEL cost validation for matchConditions in Webhooks.
+	// It will be set to off by default for certain time of period to prevent the impact on the existing users.
+	// It is strongly recommended to enable this feature gate as early as possible.
+	// The strict cost is specific for the extended libraries whose cost defined under k8s/apiserver/pkg/cel/library.
+	StrictCostEnforcementForWebhooks featuregate.Feature = "StrictCostEnforcementForWebhooks"
+
 	// owner: @caesarxuchao @roycaihw
 	// alpha: v1.20
 	//
@@ -347,6 +365,10 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
 
 	StorageVersionHash: {Default: true, PreRelease: featuregate.Beta},
 
+	StrictCostEnforcementForVAP: {Default: false, PreRelease: featuregate.Beta},
+
+	StrictCostEnforcementForWebhooks: {Default: false, PreRelease: featuregate.Beta},
+
 	StructuredAuthenticationConfiguration: {Default: true, PreRelease: featuregate.Beta},
 
 	StructuredAuthorizationConfiguration: {Default: true, PreRelease: featuregate.Beta},
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 83549a7a9..6a98a37ed 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1001,7 +1001,7 @@ k8s.io/api/storage/v1
 k8s.io/api/storage/v1alpha1
 k8s.io/api/storage/v1beta1
 k8s.io/api/storagemigration/v1alpha1
-# k8s.io/apiextensions-apiserver v0.30.1 => k8s.io/apiextensions-apiserver v0.30.1
+# k8s.io/apiextensions-apiserver v0.30.1 => k8s.io/apiextensions-apiserver v0.30.2
 ## explicit; go 1.22.0
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
@@ -1070,7 +1070,7 @@ k8s.io/apimachinery/pkg/watch
 k8s.io/apimachinery/third_party/forked/golang/json
 k8s.io/apimachinery/third_party/forked/golang/netutil
 k8s.io/apimachinery/third_party/forked/golang/reflect
-# k8s.io/apiserver v0.30.1 => k8s.io/apiserver v0.30.1
+# k8s.io/apiserver v0.30.2 => k8s.io/apiserver v0.30.2
 ## explicit; go 1.22.0
 k8s.io/apiserver/pkg/admission
 k8s.io/apiserver/pkg/admission/configuration
@@ -1218,7 +1218,7 @@ k8s.io/apiserver/plugin/pkg/audit/webhook
 k8s.io/apiserver/plugin/pkg/authenticator/token/webhook
 k8s.io/apiserver/plugin/pkg/authorizer/webhook
 k8s.io/apiserver/plugin/pkg/authorizer/webhook/metrics
-# k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.30.1
+# k8s.io/client-go v12.0.0+incompatible => k8s.io/client-go v0.30.2
 ## explicit; go 1.22.0
 k8s.io/client-go/applyconfigurations/admissionregistration/v1
 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1
@@ -1552,7 +1552,7 @@ k8s.io/client-go/util/homedir
 k8s.io/client-go/util/keyutil
 k8s.io/client-go/util/retry
 k8s.io/client-go/util/workqueue
-# k8s.io/cloud-provider v0.30.1 => k8s.io/cloud-provider v0.30.1
+# k8s.io/cloud-provider v0.30.2 => k8s.io/cloud-provider v0.30.2
 ## explicit; go 1.22.0
 k8s.io/cloud-provider
 k8s.io/cloud-provider/app/config
@@ -1567,7 +1567,7 @@ k8s.io/cloud-provider/names
 k8s.io/cloud-provider/options
 k8s.io/cloud-provider/volume
 k8s.io/cloud-provider/volume/helpers
-# k8s.io/component-base v0.30.1 => k8s.io/component-base v0.30.1
+# k8s.io/component-base v0.30.2 => k8s.io/component-base v0.30.2
 ## explicit; go 1.22.0
 k8s.io/component-base/cli/flag
 k8s.io/component-base/config
@@ -1590,13 +1590,13 @@ k8s.io/component-base/metrics/testutil
 k8s.io/component-base/tracing
 k8s.io/component-base/tracing/api/v1
 k8s.io/component-base/version
-# k8s.io/component-helpers v0.30.1 => k8s.io/component-helpers v0.30.1
+# k8s.io/component-helpers v0.30.2 => k8s.io/component-helpers v0.30.2
 ## explicit; go 1.22.0
 k8s.io/component-helpers/node/util/sysctl
 k8s.io/component-helpers/scheduling/corev1
 k8s.io/component-helpers/scheduling/corev1/nodeaffinity
 k8s.io/component-helpers/storage/volume
-# k8s.io/controller-manager v0.30.1 => k8s.io/controller-manager v0.30.1
+# k8s.io/controller-manager v0.30.2 => k8s.io/controller-manager v0.30.2
 ## explicit; go 1.22.0
 k8s.io/controller-manager/config
 k8s.io/controller-manager/config/v1
@@ -1619,7 +1619,7 @@ k8s.io/klog/v2/internal/severity
 k8s.io/klog/v2/internal/sloghandler
 k8s.io/klog/v2/internal/verbosity
 k8s.io/klog/v2/textlogger
-# k8s.io/kms v0.30.1
+# k8s.io/kms v0.30.2
 ## explicit; go 1.22.0
 k8s.io/kms/apis/v1beta1
 k8s.io/kms/apis/v2
@@ -1646,11 +1646,11 @@ k8s.io/kube-openapi/pkg/validation/errors
 k8s.io/kube-openapi/pkg/validation/spec
 k8s.io/kube-openapi/pkg/validation/strfmt
 k8s.io/kube-openapi/pkg/validation/strfmt/bson
-# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.30.1
+# k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.30.2
 ## explicit; go 1.22.0
 k8s.io/kubectl/pkg/scale
 k8s.io/kubectl/pkg/util/podutils
-# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.30.1
+# k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.30.2
 ## explicit; go 1.22.0
 k8s.io/kubelet/pkg/apis
 k8s.io/kubelet/pkg/apis/stats/v1alpha1
@@ -1719,10 +1719,10 @@ k8s.io/kubernetes/test/utils
 k8s.io/kubernetes/test/utils/format
 k8s.io/kubernetes/test/utils/image
 k8s.io/kubernetes/test/utils/kubeconfig
-# k8s.io/mount-utils v0.29.3 => k8s.io/mount-utils v0.29.3
+# k8s.io/mount-utils v0.30.2 => k8s.io/mount-utils v0.29.3
 ## explicit; go 1.21
 k8s.io/mount-utils
-# k8s.io/pod-security-admission v0.30.1 => k8s.io/pod-security-admission v0.30.1
+# k8s.io/pod-security-admission v0.30.2 => k8s.io/pod-security-admission v0.30.2
 ## explicit; go 1.22.0
 k8s.io/pod-security-admission/api
 k8s.io/pod-security-admission/policy
@@ -1809,30 +1809,30 @@ sigs.k8s.io/yaml/goyaml.v2
 # github.com/portworx/sched-ops => github.com/portworx/sched-ops v0.20.4-openstorage-rc3
 # gomodules.xyz/jsonpatch/v2 => github.com/gomodules/jsonpatch/v2 v2.2.0
 # k8s.io/api => k8s.io/api v0.30.2
-# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.1
+# k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.2
 # k8s.io/apimachinery => k8s.io/apimachinery v0.30.2
-# k8s.io/apiserver => k8s.io/apiserver v0.30.1
-# k8s.io/cli-runtime => k8s.io/cli-runtime v0.30.1
-# k8s.io/client-go => k8s.io/client-go v0.30.1
-# k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.1
-# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.30.1
-# k8s.io/code-generator => k8s.io/code-generator v0.30.1
-# k8s.io/component-base => k8s.io/component-base v0.30.1
-# k8s.io/component-helpers => k8s.io/component-helpers v0.30.1
-# k8s.io/controller-manager => k8s.io/controller-manager v0.30.1
-# k8s.io/cri-api => k8s.io/cri-api v0.30.1
-# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.1
-# k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.1
-# k8s.io/endpointslice => k8s.io/endpointslice v0.30.1
-# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.1
-# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.1
-# k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.1
-# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.1
-# k8s.io/kubectl => k8s.io/kubectl v0.30.1
-# k8s.io/kubelet => k8s.io/kubelet v0.30.1
-# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.1
-# k8s.io/metrics => k8s.io/metrics v0.30.1
+# k8s.io/apiserver => k8s.io/apiserver v0.30.2
+# k8s.io/cli-runtime => k8s.io/cli-runtime v0.30.2
+# k8s.io/client-go => k8s.io/client-go v0.30.2
+# k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.2
+# k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.30.2
+# k8s.io/code-generator => k8s.io/code-generator v0.30.2
+# k8s.io/component-base => k8s.io/component-base v0.30.2
+# k8s.io/component-helpers => k8s.io/component-helpers v0.30.2
+# k8s.io/controller-manager => k8s.io/controller-manager v0.30.2
+# k8s.io/cri-api => k8s.io/cri-api v0.30.2
+# k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.2
+# k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.2
+# k8s.io/endpointslice => k8s.io/endpointslice v0.30.2
+# k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.2
+# k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.2
+# k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.2
+# k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.2
+# k8s.io/kubectl => k8s.io/kubectl v0.30.2
+# k8s.io/kubelet => k8s.io/kubelet v0.30.2
+# k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.2
+# k8s.io/metrics => k8s.io/metrics v0.30.2
 # k8s.io/mount-utils => k8s.io/mount-utils v0.29.3
-# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.1
-# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.1
+# k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.2
+# k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.2
 # layeh.com/radius => github.com/layeh/radius v0.0.0-20190322222518-890bc1058917