From 6560bedab8416de01f3a57b3fb7d79a3095abcd6 Mon Sep 17 00:00:00 2001
From: John Andrews <john.m.andrews@gmail.com>
Date: Thu, 31 Oct 2024 09:25:21 -0400
Subject: [PATCH] fix(manager/bundler): Escape special characters in bundler
 usernames (#32229)

Co-authored-by: Rhys Arkins <rhys@arkins.net>
---
 lib/modules/manager/bundler/host-rules.spec.ts | 9 +++++++++
 lib/modules/manager/bundler/host-rules.ts      | 3 ++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/modules/manager/bundler/host-rules.spec.ts b/lib/modules/manager/bundler/host-rules.spec.ts
index f54ae62f96..4f88798d29 100644
--- a/lib/modules/manager/bundler/host-rules.spec.ts
+++ b/lib/modules/manager/bundler/host-rules.spec.ts
@@ -28,6 +28,15 @@ describe('modules/manager/bundler/host-rules', () => {
         }),
       ).toBe('token');
     });
+
+    it('escapes special characters in the username but not the password', () => {
+      expect(
+        getAuthenticationHeaderValue({
+          username: 'test@example.com',
+          password: 'p@ssword',
+        }),
+      ).toBe('test%40example.com:p@ssword');
+    });
   });
 
   describe('findAllAuthenticatable()', () => {
diff --git a/lib/modules/manager/bundler/host-rules.ts b/lib/modules/manager/bundler/host-rules.ts
index a077709d6b..8c2f2ea22d 100644
--- a/lib/modules/manager/bundler/host-rules.ts
+++ b/lib/modules/manager/bundler/host-rules.ts
@@ -18,8 +18,9 @@ export function findAllAuthenticatable({
 
 export function getAuthenticationHeaderValue(hostRule: HostRule): string {
   if (hostRule.username) {
+    const username = encodeURIComponent(hostRule.username);
     // TODO: types (#22198)
-    return `${hostRule.username}:${hostRule.password!}`;
+    return `${username}:${hostRule.password!}`;
   }
 
   // TODO: types (#22198)
-- 
GitLab