[dependencies]: Bump @azure/msal-node from 3.8.3 to 5.0.3

[dependabot]

Bumps @azure/msal-node from 3.8.3 to 5.0.3.

Release notes

Sourced from @​azure/msal-node's releases.

@​azure/msal-angular v5.0.3

5.0.3

Wed, 28 Jan 2026 18:43:41 GMT

Patches

• Bump @​azure/msal-browser to v5.1.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)

@​azure/msal-node-extensions v5.0.3

5.0.3

Wed, 28 Jan 2026 18:43:41 GMT

Patches

• Bump @​azure/msal-common to v16.0.3 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump msal-test-utils to v0.0.1 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

@​azure/msal-node v5.0.3

5.0.3

Wed, 28 Jan 2026 18:43:41 GMT

Patches

• Store apiId in cache to track which API cached account information #8236 (thomas.norling@microsoft.com)
• Bump @​azure/msal-common to v16.0.3 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump rollup-msal to v0.0.0 (beachball)

@​azure/msal-react v5.0.3

5.0.3

Wed, 28 Jan 2026 18:43:41 GMT

Patches

• Bump @​azure/msal-browser to v5.1.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)
• Bump msal-test-utils to v0.0.1 (beachball)

@​azure/msal-angular v5.0.2

5.0.2

Sat, 17 Jan 2026 03:11:36 GMT

... (truncated)

Commits

• 6dba4fe Add JIT and MFA e2e tests and refactor (#8268)
• 1887ed4 Update NativeAuthSample app to support JIT and MFA (#8262)
• 3818d73 Release PR: official (#8249)
• efc1ae6 loadExternalTokens bug fixes (#8242)
• eeeab87 Fix v4 E2E Tests Post v5 Release (#8246)
• 2f933b4 Release PR: official (#8232)
• da207d2 Add telemetry support for loading external tokens and related events (#8231)
• ff590c2 RT Expiry Telemetry (#8224)
• d86bde8 Track ApiId when getting and setting accounts in cache (#8219)
• c5abda8 Update 3p-e2e pipelines and native auth e2e tests (#8200)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@azure/msal-common	15.14.1	🟢 6	Details Check Score Reason Maintained 🟢 10 29 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Code-Review 🟢 10 all changesets reviewed License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 9 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 52 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@azure/msal-common	16.0.3	🟢 6	Details Check Score Reason Maintained 🟢 10 29 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Code-Review 🟢 10 all changesets reviewed License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 9 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 52 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@azure/msal-node	3.8.6	🟢 6	Details Check Score Reason Maintained 🟢 10 29 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Code-Review 🟢 10 all changesets reviewed License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 9 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 52 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/@azure/msal-node	5.0.3	🟢 6	Details Check Score Reason Maintained 🟢 10 29 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected Code-Review 🟢 10 all changesets reviewed License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 9 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities ⚠️ 0 52 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• package-lock.json