This fixes several security vulnerability (none of which could be exploited on Funkwhale, AFAICT)
https://docs.djangoproject.com/en/2.2/releases/2.2.4/