fix/dependency: remove unused python-dotenv (CVE-2026-28684)

SynapseLayer · SynapseLayer · commit 9c6c13dfcb75 · 2026-05-06T14:46:31.000Z
python-dotenv was declared as a runtime dependency but never imported in any source file. Removing eliminates CVE-2026-28684 finding on MCP Marketplace security scan.
diff --git a/pyproject.toml b/pyproject.toml
@@ -42,7 +42,6 @@ dependencies = [
   "cryptography>=46.0.7",
   "pydantic>=2.4.0",
   "httpx>=0.27.0",
-  "python-dotenv>=1.0.1",
 ]
 
 [project.optional-dependencies]

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,6 @@ dependencies = [`
`42`	`42`	`"cryptography>=46.0.7",`
`43`	`43`	`"pydantic>=2.4.0",`
`44`	`44`	`"httpx>=0.27.0",`
`45`		`- "python-dotenv>=1.0.1",`
`46`	`45`	`]`
`47`	`46`
`48`	`47`	`[project.optional-dependencies]`