Commit

Merge pull request #37 from openrewrite/doc/update-dependency-vulnerability-check

docs: update DependencyVulnerabilityCheck.java
zieka authored Oct 18, 2023
2 parents 3220dbd + ebb5c1e commit e5d9bed
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -85,7 +85,7 @@ public String getDescription() {
//language=markdown
return "This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. " +
"This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. " +
"Automatic upgrade of vulnerable versions is performed when the fixed version is a minor or patch version bump. " +
"This recipe **only** upgrades to the latest **patch** version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. " +
"Vulnerability information comes from the [GitHub Security Advisory Database](https://docs.github.com/en/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database), " +
"which aggregates vulnerability data from several public databases, including the [National Vulnerability Database](https://nvd.nist.gov/) maintained by the United States government. " +
"Dependencies following [Semantic Versioning](https://semver.org/) will see their _patch_ version updated where applicable.";
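Review bot: in the changed description sentence ("This recipe **only** upgrades to the latest **patch** version. ... this recipe will not make any changes."), "will not make any changes" does not say whether a dependency whose fix needs a minor or major bump is still listed in the generated report, so a reader could take an unmodified build file as a clean result. Suggest stating explicitly that such dependencies are still reported and need a manual upgrade, if that is the behaviour. The opening sentences still say the recipe "detects and upgrades dependencies" and "upgrades to newer versions with fixes" without qualification, and the closing Semantic Versioning sentence now repeats the patch-only statement; consider qualifying the former and dropping the latter.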