From bbc546f26c735ebf2f760e7b1f6bf3b0a3f8b058 Mon Sep 17 00:00:00 2001 From: Xueqin Cui <72771658+cuixq@users.noreply.github.com> Date: Sat, 13 Jul 2024 01:32:59 +1000 Subject: [PATCH] Update docs: test dependencies not in the resolved graph (#1114) Update the documentation that the current Maven resolver does not handle test dependencies. --- docs/supported_languages_and_lockfiles.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/supported_languages_and_lockfiles.md b/docs/supported_languages_and_lockfiles.md index 55e229c377..0abd7c0c41 100644 --- a/docs/supported_languages_and_lockfiles.md +++ b/docs/supported_languages_and_lockfiles.md @@ -78,6 +78,9 @@ OSV-Scanner uses [deps.dev’s resolver library](https://pkg.go.dev/deps.dev/uti After the dependency resolution, the OSV database is queried for the vulnerabilities associated with these dependencies as usual. +{: .note } +Test dependencies are not supported yet in the computed dependency graph for Maven pom.xml. + ## Custom Lockfiles If you have a custom lockfile that we do not support or prefer to do your own custom parsing, you can extract the custom lockfile information and create a custom intermediate file containing dependency information so that osv-scanner can still check for vulnerabilities.
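Review bot: The added note (the `+` lines after "the OSV database is queried ... as usual") says test dependencies are "not supported yet" but leaves the reader to infer what that means for scan results. The commit subject is clearer: test dependencies are not in the resolved graph. Since the preceding sentence says the OSV query runs over the resolved dependencies, anything left out of the graph is never checked. Suggest stating this directly, for example: "Test dependencies are not yet included in the resolved dependency graph for Maven `pom.xml`, so vulnerabilities in them are not reported." Two smaller points: put `pom.xml` in backticks as a file name, and choose either "resolved" or "computed" for the graph so the wording matches the "dependency resolution" sentence above it.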