Write a popular recipe guide for resolving vulnerable dependencies #288

@timtebeek

Description

What problem are you trying to solve?

Folks might not be aware that we are able to confidently solve vulnerabilities using OpenRewrite recipes, and also bump transitive dependencies.

Describe the solution you'd like

Guide folks towards the Find and fix vulnerable dependencies recipe, and educate them on

  1. how to set `overrideTransitive: true` to get Maven `dependencyManagement` or Gradle constraints added,
     a. and explain how 80% of vulnerabilities are in transitive dependencies, otherwise missed by other tools;
  2. explain how the recipe will only confidently bump patch versions, to the vulnerability's recommended version;
  3. explain the data table produced when passing in `-Drewrite.exportDatatables=true`, and the minor/major/no-fix insights that gives;
  4. guide them towards next steps such as
     a. directly using `UpgradeDependencyVersion` and `UpgradeTransitiveDependencyVersion` for minor version bumps,
     b. or the framework migration recipes for Spring, Micronaut and Quarkus for major version bumps.
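The steps above, put together as a `rewrite.yml` that a project would drop at its root, as an added example and not configuration from the issue or from the OpenRewrite docs. It assumes the fully qualified recipe names `org.openrewrite.java.dependencies.DependencyVulnerabilityCheck`, `org.openrewrite.java.dependencies.UpgradeDependencyVersion` and `org.openrewrite.java.dependencies.UpgradeTransitiveDependencyVersion` from the `rewrite-java-dependencies` module; the `com.example` recipe names and the `com.example:library-*` coordinates are constructed placeholders, and the option names of the transitive-upgrade recipe should be checked against the recipe catalog before use.

```yaml
# rewrite.yml (constructed example; not from the issue or the OpenRewrite project)
#
# Step 1/2: the "Find and fix vulnerable dependencies" recipe. It only bumps
# patch versions it can apply confidently. With overrideTransitive: true the
# transitive dependencies that carry most of the findings get a Maven
# dependencyManagement entry or a Gradle constraint instead of being skipped.
type: specs.openrewrite.org/v1beta/recipe
name: com.example.FixVulnerableDependencies          # hypothetical recipe name
displayName: Find and fix vulnerable dependencies, transitives included
description: Patch-level bumps only; transitive fixes become dependencyManagement / constraints.
recipeList:
  - org.openrewrite.java.dependencies.DependencyVulnerabilityCheck:
      scope: runtime               # assumption: runtime scope covers shipped code
      overrideTransitive: true
---
# Step 4a: a follow-up recipe for the findings the data table reported as
# needing a minor bump rather than a patch. Coordinates and versions below are
# constructed placeholders to be replaced with values from the exported table.
type: specs.openrewrite.org/v1beta/recipe
name: com.example.MinorVersionBumps                  # hypothetical recipe name
displayName: Minor version bumps chosen from the vulnerability data table
recipeList:
  # Direct dependency: bump to the latest 1.2 patch release.
  - org.openrewrite.java.dependencies.UpgradeDependencyVersion:
      groupId: com.example
      artifactId: library-a
      newVersion: 1.2.x
  # Transitive dependency: pin via dependencyManagement / constraint.
  # Assumption: option names match the Maven/Gradle variants of this recipe.
  - org.openrewrite.java.dependencies.UpgradeTransitiveDependencyVersion:
      groupId: com.example
      artifactId: library-b
      version: 3.4.x
      because: "Reported as fixable only by a minor bump in the vulnerability data table"
```

To run step 1 and export the data table for step 3 from a Maven project, an invocation of the form `mvn -U org.openrewrite.maven:rewrite-maven-plugin:run -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-java-dependencies:RELEASE -Drewrite.activeRecipes=com.example.FixVulnerableDependencies -Drewrite.exportDatatables=true` is assumed here; the resulting CSV tables (under the build's `rewrite/datatables` output directory in my experience, to be confirmed against the plugin docs) list each vulnerable dependency together with whether the fix is a patch, minor, major or no available version, which is what decides between the second recipe above and a framework migration recipe.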

Additional context

Came up in our OSS Slack.

Metadata

Assignees: no one assigned

Labels: documentation (improvements or additions to documentation), enhancement (new feature or request)

Type: no type

Projects: status Done

Milestone: no milestone

Relationships: none yet

Development: no branches or pull requests