[Defect]: Protobuf serialization does not allow to specify bom-ref for license expressions #515

@andreas-hilti

Describe the defect

The protobuf serialization does not allow specifying a bom-ref for license expressions, in contrast to the XML and JSON serializations:

    message LicenseChoice {
      oneof choice {
        License license = 1;
        // A valid SPDX license expression. Refer to https://spdx.org/specifications for syntax requirements
        string expression = 2;
      }
      // This field must only be used when "expression" is chosen as the License object has its own acknowledgement.
      optional LicenseAcknowledgementEnumeration acknowledgement = 3;
    }

    "bom-ref": {
      "$ref": "#/definitions/refType",
      "title": "BOM Reference",
      "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
    }

    <xs:attribute name="bom-ref" type="bom:refType">
      <xs:annotation>
        <xs:documentation>
          An optional identifier which can be used to reference the license elsewhere in the BOM.
          Uniqueness is enforced within all elements and children of the root-level bom element.
        </xs:documentation>
      </xs:annotation>
    </xs:attribute>

Additional context

n/a
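
An added example, not part of the original issue or the project's own code: a check to run before converting a JSON BOM to protobuf, listing every license expression that carries a bom-ref, since the `LicenseChoice` message quoted above has no field to hold it. It assumes each entry of a `licenses` array is either `{"license": {...}}` or `{"expression": "...", "bom-ref": "..."}`; the function name and the sample BOM are constructed for illustration.

```python
import json

# Constructed sample BOM (not from the issue). Assumed layout: each entry of a
# "licenses" array is either {"license": {...}} or {"expression": "...", ...}.
SAMPLE_BOM = json.loads("""
{
  "components": [
    {"type": "library", "name": "a", "licenses": [
      {"expression": "MIT OR Apache-2.0", "bom-ref": "lic-expr-1"}]},
    {"type": "library", "name": "b", "licenses": [
      {"license": {"id": "MIT", "bom-ref": "lic-2"}}],
     "components": [
      {"type": "library", "name": "c", "licenses": [
        {"expression": "GPL-2.0-only", "acknowledgement": "declared"}]}]}
  ]
}
""")


def find_expression_bom_refs(node, path="$"):
    """Return (json_path, bom_ref, expression) for every license expression
    entry that carries a bom-ref, at any nesting depth of the BOM."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "licenses" and isinstance(value, list):
                for i, entry in enumerate(value):
                    # Only the "expression" alternative is affected: the
                    # protobuf message stores it as a bare string.
                    if (isinstance(entry, dict) and "expression" in entry
                            and "bom-ref" in entry):
                        hits.append((f"{child}[{i}]", entry["bom-ref"],
                                     entry["expression"]))
            hits.extend(find_expression_bom_refs(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_expression_bom_refs(item, f"{path}[{i}]"))
    return hits


if __name__ == "__main__":
    for where, ref, expr in find_expression_bom_refs(SAMPLE_BOM):
        print(f"{where}: bom-ref {ref!r} on expression {expr!r} "
              "has no field in protobuf LicenseChoice")
```

Any hit means the identifier would be dropped in a protobuf round trip, so references to it elsewhere in the BOM would no longer resolve.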
