Old versions of kustomize, helm, git-lfs used

[rimasgo]

Summary

I have gone through the code and noticed that a 'hack' is used to install these products ( ./hack/tool-versions.sh)

As of right now current kustomize version is 4.5.2 and helm is at 3.8.1 but the before mentioned file points to kustomize-4.4.1 and helm-3.8.0. Which are outdated.

Also git-lfs is installed with apt-get and it installs old version compared to what latest release is on https://github.com/git-lfs/git-lfs. Latest version available is 3.1.2 where on ArgoCD image it's 2.13.2. If I understand correctly package is no longer updated in standard apt sources - please check this https://packagecloud.io/github/git-lfs/install#bash-deb

Motivation

Vulnerability management - the tools used are of older versions compared to what we have in the community.
I have scanned images with the these tools and it's showing quite a lot of CVEs against those tools.

Proposal

Write extra set of code to get latest version of kustomize and helm or make sure to include latest version when doing a release.
Maybe similar hack approach should be used for git-lfs

[crenshaw-dev]

We should upgrade in 2.5. We already have a PR to update Kustomize. #9650

Example of a failing scan: https://cloud-native.slack.com/archives/C01TSERG0KZ/p1655306877510089?thread_ts=1654704973.741149&cid=C01TSERG0KZ

[crenshaw-dev]

We've updated all three dependencies in 2.5 (to be released soon). @rimasgo feel free to reopen if you need something done in 2.2-2.4.