Vulnerability in workflow project

[ankitdn]

While working in workflow project, I found that the application uses @astrojs/node, which is affected by a memory exhaustion denial-of-service vulnerability (CVE-2026-29772). The issue occurs in the Server Islands POST handler, which processes request bodies without enforcing a size limit. An attacker can send large or crafted JSON payloads, leading to excessive memory usage and potentially crashing the server.

CVE Report
CVE Link

[VaguelySerious]

@ankitdn Workflow doesn't use Astro directly (only as a dev dependency), so this doesn't seem like it would affect us. Please let me know if I'm missing something, otherwise I will close this issue after some time