diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml
index ea15a42..b599464 100644
--- a/.github/workflows/pythonpackage.yml
+++ b/.github/workflows/pythonpackage.yml
@@ -43,7 +43,7 @@ jobs:
     strategy:
       max-parallel: 1
       matrix:
-        python-version: [2.7, 3.5, 3.6, 3.7, 3.8, 3.9]
+        python-version: [3.6, 3.9]
     steps:
     - uses: actions/checkout@v2
     - name: Set up Python 
@@ -57,7 +57,7 @@ jobs:
         pip install -e .'[test]'
     - name: Run tests with ${{ matrix.python-version }}
       env:
-        APP_ID: YJRGphy60b8JCBib0vtDDtak-MdYXbMMI
+        APP_ID: u5xB92MjVH94kH6p3M66DUua-MdYXbMMI
         APP_KEY: ${{ secrets.APP_KEY }}
         MASTER_KEY: ${{ secrets.MASTER_KEY }}
         USE_REGION: US
diff --git a/changelog b/changelog
index 0cacdb6..9622edb 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,14 @@
+## [3.0.0] - 2022-11-24
+
+## Change
+
+- Drop support for python 2.7 and 3.5
+
+## Fixed
+
+- Require phone_number when verify sms code
+- Pinned urllib3 to 1.x
+
 ## [2.9.12] - 2022-11-24
 
 ## Fixed
diff --git a/leancloud/user.py b/leancloud/user.py
index fee53b2..22c4b57 100644
--- a/leancloud/user.py
+++ b/leancloud/user.py
@@ -335,8 +335,8 @@ def request_password_reset_by_sms_code(cls, phone_number, validate_token=None):
         client.post("/requestPasswordResetBySmsCode", params)
 
     @classmethod
-    def reset_password_by_sms_code(cls, sms_code, new_password):
-        params = {"password": new_password}
+    def reset_password_by_sms_code(cls, sms_code, new_password, phone_number):
+        params = {"password": new_password, "mobilePhoneNumber": phone_number}
         client.put("/resetPasswordBySmsCode/" + sms_code, params)
 
     # This should be an instance method.
@@ -359,8 +359,9 @@ def change_phone_number(cls, sms_code, phone_number):
         client.post("/changePhoneNumber", params)
 
     @classmethod
-    def verify_mobile_phone_number(cls, sms_code):
-        client.post("/verifyMobilePhone/" + sms_code, {})
+    def verify_mobile_phone_number(cls, sms_code, phone_number):
+        params = {"mobilePhoneNumber": phone_number}
+        client.post("/verifyMobilePhone/" + sms_code, params)
 
     @classmethod
     def request_login_sms_code(cls, phone_number, validate_token=None):
diff --git a/requirements.txt b/requirements.txt
index bd5d96e..d998f11 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,6 +5,7 @@ six>=1.11.0
 qiniu>=7.3.1
 requests>=2.25.1
 requests-toolbelt>=1.0.0
+urllib3<2
 Werkzeug>=0.16.0,<2.0.0
 secure-cookie>=0.1.0,<1.0.0
 gevent>=22.10.2,<23.0.0
diff --git a/setup.py b/setup.py
index 8fd1a7f..d5c8288 100644
--- a/setup.py
+++ b/setup.py
@@ -22,7 +22,7 @@
 
 setup(
     name='leancloud',
-    version='2.9.12',
+    version='3.0.0',
     description='LeanCloud Python SDK',
     url='https://leancloud.cn/',
     author='asaka',
@@ -34,8 +34,8 @@
         'Programming Language :: Python :: 2',
         'Programming Language :: Python :: 2.7',
         'Programming Language :: Python :: 3',
-        'Programming Language :: Python :: 3.5',
         'Programming Language :: Python :: 3.6',
+        'Programming Language :: Python :: 3.9',
     ],
     keywords='Leancloud SDK',
     packages=find_packages(exclude=['docs', 'tests*']),
diff --git a/tests/test_engine.py b/tests/test_engine.py
index 53f1b70..8db3682 100644
--- a/tests/test_engine.py
+++ b/tests/test_engine.py
@@ -579,6 +579,10 @@ def test_request_sms_code():  # type: () -> None
             pass
         elif e.code == 601 or e.error.startswith("SMS request too fast"):  # send sms too frequently
             pass
+        elif "SMS sending exceeds limit" in e.error:
+            pass
+        elif "send too frequently" in e.error:
+            pass
         else:
             raise e
 
diff --git a/tests/test_user.py b/tests/test_user.py
index f3999bd..860618c 100644
--- a/tests/test_user.py
+++ b/tests/test_user.py
@@ -284,7 +284,13 @@ def test_request_change_phone_number():  # type: () -> None
         # phone number is from http://www.z-sms.com
         User.request_change_phone_number("+8617180655340")
     except LeanCloudError as e:
-        if e.code not in (119, 213, 601, 605):
+        if e.code in (119, 213, 601, 605):
+            pass
+        elif "SMS sending exceeds limit" in e.error:
+            pass
+        elif "send too frequently" in e.error:
+            pass
+        else:
             raise e
     finally:
         user1.logout()
@@ -322,7 +328,9 @@ def test_request_password_reset_by_sms_code():  # type: () -> None
 def test_reset_password_by_sms_code():  # type: () -> None
     try:
         User.reset_password_by_sms_code(
-            str(random.randrange(100000, 999999)), "password"
+            str(random.randrange(100000, 999999)),
+            "password",
+            "1861111" + str(random.randrange(1000, 9999))
         )
     except LeanCloudError as e:
         if e.code != 603: