Hi there, I noticed ex_utils public util atomize_keys uses String.to_atom and is masking that vulnerability.

We use sobelow to scan our own code, which would catch String.to_atom, but would not warn about ex_utils and atomize_keys

Not specifically a security concern itself or necessarily something i think should be a elixir-security-advisories, but a bit of a gap between a tool like sobelow flagging any usage of String.to_atom and a dependency util offering the same function, but packaged a little differently and not being flagged.

And I'm not entirely sure how we would introduce a check for the use of atomize_keys

It would be useful to be warned about ex_utils if implemented in a project, let me know if you have any suggestions.

thanks