Remove `future` requirement?

[robotadam]

dwollav2 depends on future>=0.15.2, but there are no calls in the library that use from __future__... or import the library directly. This library has a security vulnerability that will not be fixed, and it will not work on Python 3.13 and above. In addition, Python 2 has been fully EOL since 2020.

I suggest removing the dependency.

[ShreyaThapa]

Hi @robotadam,

Thanks for flagging this and for the detailed explanation! You’re right, the future dependency is no longer used after Python 2 became EOL, has known vulnerabilities, and won’t work with Python 3.13+.

It appears this doesn’t impact current functionality, but we’ve prioritized removing it in our next release to improve security and ensure compatibility with future Python versions.

We appreciate your help in making dwolla-v2-python better! 🙏

[robotadam]

@ShreyaThapa do you know if there are plans to spend time on the library? If a PR would help I can make that (and for other changes), but if the team does not have time to review or release new versions then it's not something I'll prioritize.

[ShreyaThapa]

Hey @robotadam! We would very much appreciate your contribution for removing the future dependency.

We're also planning to address the other open issue (adding the UpdateCredentialsError class) within the next two weeks, so your timing is perfect. We can bundle both of these improvements together into the next release.

Please feel free to submit the PR whenever it's convenient for you - we'll prioritize reviewing it and getting it merged. Thank you for offering to contribute!