[Bug]: Version 2.8.0 binary incorrectly reports as version 2.7.2 #496

Open
0xNotes opened this issue Nov 24, 2024 · 1 comment
Labels
bug Something isn't working

0xNotes commented Nov 24, 2024

Issue description

Description

The Sugar CLI v2.8.0 release binary incorrectly reports itself as v2.7.2 when running `sugar -V`, despite being a different binary from the actual v2.7.2 release.

Environment
- OS: Manjaro Linux (Rolling)
- Kernel: Linux 6.6.54-2-MANJARO x86_64
- Shell: zsh (/usr/bin/zsh)
- Architecture: x86_64 GNU/Linux
- Installation method: Both direct download and installer script

Investigation Steps Taken

1. Initial state check:

   ```bash
   $ sugar -V
   sugar-cli 2.7.2
   ```

2. Checked all possible cargo/sugar config locations:

   ```bash
   $ cat ~/.zshrc ~/.bashrc ~/.profile ~/.zprofile ~/.bash_profile | grep -i "cargo"
   export PATH="$HOME/.cargo/bin:$PATH"
   . "$HOME/.cargo/env"
   . "$HOME/.cargo/env"
   . "$HOME/.cargo/env"
   ```

3. Complete removal of sugar and cargo state:

   ```bash
   rm -rf ~/.cargo/bin/sugar
   rm -rf ~/.cargo/registry/*
   rm -rf ~/.cargo/.global-cache
   rm -f ~/.cargo/.crates.toml
   rm -f ~/.cargo/.crates2.json
   ```

4. Fresh install attempts - both methods still resulted in version mismatch:
   - Via installer script
   - Via direct download

5. Version verification:

   ```bash
   # Checking available releases
   $ curl -L --silent https://api.github.com/repos/metaplex-foundation/sugar/releases | grep -i "tag_name"
       "tag_name": "v2.8.0",
       "tag_name": "v2.7.4",
       "tag_name": "v2.7.3",
       "tag_name": "v2.7.2",
   ```

6. Binary comparison between versions:

   ```bash
   # Download and hash both versions
   $ cd /tmp
   $ curl -L "https://github.com/metaplex-foundation/sugar/releases/download/v2.8.0/sugar-ubuntu-latest" --output sugar-2.8.0
   $ curl -L "https://github.com/metaplex-foundation/sugar/releases/download/v2.7.2/sugar-ubuntu-latest" --output sugar-2.7.2
   $ chmod +x sugar-2.8.0 sugar-2.7.2
   $ sha256sum sugar-2.8.0 sugar-2.7.2
   ee813a9f7a8a6339728984633725e1105d31ce9eedcd8f5a2d859af54eef39f3  sugar-2.8.0
   ab2505f7764ab0686df30870f83f5e419d0c42bbb9cfb3c24382ca1ed44bfcd2  sugar-2.7.2
   ```

7. Verification of currently installed version:

   ```bash
   $ sugar -V
   sugar-cli 2.7.2
   $ sha256sum ~/.cargo/bin/sugar
   ee813a9f7a8a6339728984633725e1105d31ce9eedcd8f5a2d859af54eef39f3  /home/notes/.cargo/bin/sugar
   ```

Additional System Context

```bash
$ uname -a
Linux sigil 6.6.54-2-MANJARO #1 SMP PREEMPT_DYNAMIC Tue Oct  8 03:11:08 UTC 2024 x86_64 GNU/Linux

$ cat /etc/os-release
NAME="Manjaro Linux"
PRETTY_NAME="Manjaro Linux"
ID=manjaro
ID_LIKE=arch
BUILD_ID=rolling
```

PS Bonus issue in screenshot when I tried to email [email protected]

image

PS BONUS BONUS ISSUE

image

Email html link does not go to the email users will see

Solana wallet if this is worth anything to the team:
W3kTfwdyGoT48Hy5iSNY9gRuYAsQ6SNrysso17e77ZF

Relevant log output

No response

Priority this issue should have

Low (slightly annoying)

0xNotes added the bug label Nov 24, 2024
0xNotes commented Nov 24, 2024

I think this might be worth escalating to medium

Rationale:
This affects Candy Machine, which is a Tier 2 program. It's a functional issue that could affect deployments and operations. Could cause confusion in production environments. Most importantly, it indicates a potential build/release process issue that could mask more serious problems.

The screenshots affect the security reporting process itself, which is critical for the bug bounty program.
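
The hash comparison in the issue body can be turned into a check that does not rely on `-V` at all: identify the binary by SHA-256 against a list of release digests, then flag any disagreement with the version it reports. This is an added example, not code from the issue or from the Sugar project; the manifest format, the function names and the stand-in scripts used in the demo are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: identify a release by SHA-256 rather than by its -V output.
# Manifest format (assumed for this example): "<sha256>  <tag>" per line.

# Print the tag whose digest matches the file; non-zero if it is not listed.
identify_release() {
    local bin="$1" manifest="$2" digest
    digest=$(sha256sum "$bin" | awk '{print $1}')
    [ -n "$digest" ] || return 2
    awk -v d="$digest" '$1 == d { print $2; found = 1 } END { exit !found }' "$manifest"
}

# Print the version the binary claims (last field of the first -V line).
reported_version() {
    "$1" -V 2>/dev/null | awk 'NR == 1 { print $NF }'
}

# Prints "OK <tag>", "MISMATCH hash=<tag> reported=<ver>" or "UNKNOWN <sha256>".
# Returns 0, 1 or 2 respectively.
audit_binary() {
    local bin="$1" manifest="$2" tag ver
    if ! tag=$(identify_release "$bin" "$manifest"); then
        echo "UNKNOWN $(sha256sum "$bin" | awk '{print $1}')"
        return 2
    fi
    ver=$(reported_version "$bin")
    if [ "v$ver" = "$tag" ]; then
        echo "OK $tag"
    else
        echo "MISMATCH hash=$tag reported=$ver"
        return 1
    fi
}

# Constructed demo: two stand-in scripts that both print 2.7.2, mirroring the
# report above. They are not the real release binaries.
demo() {
    local dir
    dir=$(mktemp -d)
    printf '#!/bin/sh\necho "sugar-cli 2.7.2"\n' > "$dir/sugar-2.7.2"
    printf '#!/bin/sh\n# stand-in for the newer build\necho "sugar-cli 2.7.2"\n' > "$dir/sugar-2.8.0"
    chmod +x "$dir/sugar-2.7.2" "$dir/sugar-2.8.0"
    { sha256sum "$dir/sugar-2.7.2" | awk '{print $1 "  v2.7.2"}'
      sha256sum "$dir/sugar-2.8.0" | awk '{print $1 "  v2.8.0"}'; } > "$dir/manifest"
    audit_binary "$dir/sugar-2.7.2" "$dir/manifest" || true
    audit_binary "$dir/sugar-2.8.0" "$dir/manifest" || true
    rm -rf "$dir"
}
demo
```

With a manifest built from digests published alongside each release, the exit status of `audit_binary` can gate an install or deployment step.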
