use hash for more security

Author: chx

src/DrupalIssueForkCommand.php

@@ -31,10 +31,11 @@ protected function execute(InputInterface $input, OutputInterface $output): int
             return 1;
         }
         ['project' => $project, 'url' => $url, 'branch' => $branch] = $matches;
+        $url .= '.git';
         $project = "drupal/$project";
         $forkRepository = [
             'type' => 'git',
-            'url' =>  "$url.git",
+            'url' =>  $url,
         ];
         $found = FALSE;
         $fileName = Factory::getComposerFile();
@@ -50,12 +51,17 @@ protected function execute(InputInterface $input, OutputInterface $output): int
         if (!$found) {
             $config['repositories'][] = $forkRepository;
         }
-        if (isset($config['require-dev'][$project])) {
-          $config['require-dev'][$project] = "dev-$branch";
-        }
-        else {
-          $config['require'][$project] = "dev-$branch";
+        $constraint = "dev-$branch";
+        exec("git ls-remote -h $url", $output);
+        foreach ($output as $line) {
+            [$ref, $name] = explode("\t", $line);
+            if ($name === "refs/heads/$branch") {
+                $constraint .= "#$ref";
+                break;
+            }
         }
+        $key = isset($config['require-dev'][$project]) ? 'require-dev' : 'require';
+        $config[$key][$project] = $constraint;
         $this->writeConfig($file, $config);
         $io->writeError('<info>'.$fileName.' has been updated</info>');
         return 0;