#166 [audit] Raw SQL queries generated
Closed: Fixed 6 years ago Opened 6 years ago by puiterwijk.

freshmaker/migrations/versions/90f8444d5ab7_add_event_state_and_timestamp.py:26 (and at least one more) generates an SQL query manually by string concatenation.
While this is in a migration, so reasonably safe from attackers, it might still trip up when there's unexpected content picked up (spaces/quotes, etc.).
Please consider using parameterized SQL queries.
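As an added illustration of the point raised above (this is example code, not code from freshmaker or from the ticket author), the following contrasts a migration-style backfill built by string concatenation with the same statement using bound parameters. The `events` table, its `message_id`/`state` columns and the row values are assumptions made for the example; the database is an in-memory SQLite so it runs offline. In an Alembic migration the parameterized form would be passed through `op.execute(sqlalchemy.text("...").bindparams(...))` rather than `sqlite3` directly, but the placeholder mechanism is the same.

```python
import sqlite3


def setup_db():
    """Constructed sample schema and rows (assumed for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (id INTEGER PRIMARY KEY, message_id TEXT, state TEXT)"
    )
    # The second message id carries a single quote, the kind of "unexpected
    # content" the ticket warns about.
    conn.executemany(
        "INSERT INTO events (message_id, state) VALUES (?, ?)",
        [("msg-1", None), ("it's-2", None)],
    )
    return conn


def backfill_concat(conn, message_id, state):
    """The pattern the ticket flags: values spliced into the SQL text.

    Any quote in message_id or state ends the string literal early and
    either breaks the statement or changes its meaning.
    """
    sql = (
        "UPDATE events SET state = '" + state + "'"
        " WHERE message_id = '" + message_id + "'"
    )
    conn.execute(sql)


def backfill_param(conn, message_id, state):
    """The suggested fix: placeholders, values passed out of band.

    The driver quotes nothing into the statement; the values are bound
    separately, so quotes, spaces and semicolons are stored verbatim.
    """
    conn.execute(
        "UPDATE events SET state = ? WHERE message_id = ?",
        (state, message_id),
    )


def state_of(conn, message_id):
    row = conn.execute(
        "SELECT state FROM events WHERE message_id = ?", (message_id,)
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run both variants and report what each did."""
    conn = setup_db()

    # Concatenation copes with a benign value ...
    backfill_concat(conn, "msg-1", "COMPLETE")

    # ... but the quoted message id yields an unbalanced string literal,
    # which SQLite rejects as a syntax error.
    try:
        backfill_concat(conn, "it's-2", "COMPLETE")
        concat_failed = False
    except sqlite3.OperationalError:
        concat_failed = True

    # The parameterized form handles the same value without issue.
    backfill_param(conn, "it's-2", "COMPLETE")

    return {
        "concat_failed_on_quote": concat_failed,
        "msg-1": state_of(conn, "msg-1"),
        "it's-2": state_of(conn, "it's-2"),
    }


if __name__ == "__main__":
    print(demo())
```

The failure mode here is a hard error, which is the friendly outcome; with a value such as `x' OR '1'='1` the concatenated `UPDATE` would instead run successfully against every row, which is why the same habit matters even in code that attackers cannot normally reach.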


Metadata Update from @cqi:
- Issue assigned to cqi

6 years ago
