Bump Python dependencies

[maarcingebala]

Bump backend dependencies.

Pull Request Checklist

1. Privileged views and APIs are guarded by proper permission checks.
2. All visible strings are translated with proper context.
3. All data-formatting is locale-aware (dates, numbers, and so on).
4. Database queries are optimized and the number of queries is constant.
5. Database migration files are up to date.
6. The changes are tested.
7. The code is documented (docstrings, project documentation).
8. GraphQL schema and type definitions are up to date.
9. Changes are mentioned in the changelog.

[codecov]

Codecov Report

Merging #3557 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #3557   +/-   ##
=======================================
  Coverage   89.83%   89.83%           
=======================================
  Files         250      250           
  Lines       13217    13217           
  Branches     1338     1338           
=======================================
  Hits        11874    11874           
  Misses        930      930           
  Partials      413      413

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 95182d4...e4f772f. Read the comment docs.

[maarcingebala]

Note: this PR bumps Django to 2.1.5 which fixes security issue CVE-2019-3498. I also had to pin pytest = "==4.0.2" as the newest version 4.1.0 doesn't work with celery==4.2.1.