diff --git a/lib/util/merge-confidence/index.spec.ts b/lib/util/merge-confidence/index.spec.ts
index b64be0b932373b..e76cc323849adb 100644
--- a/lib/util/merge-confidence/index.spec.ts
+++ b/lib/util/merge-confidence/index.spec.ts
@@ -155,6 +155,30 @@ describe('util/merge-confidence/index', () => {
         ).toBe('high');
       });
 
+      it('escapes a package name containing a forward slash', async () => {
+        const datasource = 'npm';
+        const packageName = '@jest/global';
+        const escapedPackageName = '@jest%2fglobal';
+        const currentVersion = '24.3.0';
+        const newVersion = '25.0.0';
+        httpMock
+          .scope(apiBaseUrl)
+          .get(
+            `/api/mc/json/${datasource}/${escapedPackageName}/${currentVersion}/${newVersion}`
+          )
+          .reply(200, { confidence: 'high' });
+
+        expect(
+          await getMergeConfidenceLevel(
+            datasource,
+            packageName,
+            currentVersion,
+            newVersion,
+            'major'
+          )
+        ).toBe('high');
+      });
+
       it('returns neutral on invalid merge confidence response from api', async () => {
         const datasource = 'npm';
         const depName = 'renovate';
diff --git a/lib/util/merge-confidence/index.ts b/lib/util/merge-confidence/index.ts
index a63d389c5312f8..d8be2bd742d076 100644
--- a/lib/util/merge-confidence/index.ts
+++ b/lib/util/merge-confidence/index.ts
@@ -66,7 +66,7 @@ const updateTypeConfidenceMapping: Record<UpdateType, MergeConfidence | null> =
  * Retrieves the merge confidence of a package update if the merge confidence API is enabled. Otherwise, undefined is returned.
  *
  * @param datasource
- * @param depName
+ * @param packageName
  * @param currentVersion
  * @param newVersion
  * @param updateType
@@ -76,7 +76,7 @@ const updateTypeConfidenceMapping: Record<UpdateType, MergeConfidence | null> =
  */
 export async function getMergeConfidenceLevel(
   datasource: string,
-  depName: string,
+  packageName: string,
   currentVersion: string,
   newVersion: string,
   updateType: UpdateType
@@ -98,14 +98,14 @@ export async function getMergeConfidenceLevel(
     return mappedConfidence;
   }
 
-  return await queryApi(datasource, depName, currentVersion, newVersion);
+  return await queryApi(datasource, packageName, currentVersion, newVersion);
 }
 
 /**
  * Queries the Merge Confidence API with the given package release information.
  *
  * @param datasource
- * @param depName
+ * @param packageName
  * @param currentVersion
  * @param newVersion
  *
@@ -117,7 +117,7 @@ export async function getMergeConfidenceLevel(
  */
 async function queryApi(
   datasource: string,
-  depName: string,
+  packageName: string,
   currentVersion: string,
   newVersion: string
 ): Promise<MergeConfidence> {
@@ -126,14 +126,21 @@ async function queryApi(
     return 'neutral';
   }
 
-  const url = `${apiBaseUrl}api/mc/json/${datasource}/${depName}/${currentVersion}/${newVersion}`;
+  const escapedPackageName = packageName.replace('/', '%2f');
+  const url = `${apiBaseUrl}api/mc/json/${datasource}/${escapedPackageName}/${currentVersion}/${newVersion}`;
   const cacheKey = `${token}:${url}`;
   const cachedResult = await packageCache.get(hostType, cacheKey);
 
   // istanbul ignore if
   if (cachedResult) {
     logger.debug(
-      { datasource, depName, currentVersion, newVersion, cachedResult },
+      {
+        datasource,
+        packageName,
+        currentVersion,
+        newVersion,
+        cachedResult,
+      },
       'using merge confidence cached result'
     );
     return cachedResult;