cyclonedx merge defaults to specVersion 1.5 even when merging two v1.4 files

[aja08379]

Merging SBOMs seems to default to the output file being version 1.5, regardless of the input file versions. See for example test1.txt and test2.txt attached. Both v1.4, created with the snyk sbom CLI command.

Command used to merge them is:

cyclonedx merge --input-files test1.txt test2.txt --output-file new.txt --input-format json --output-format json --name "Test" --version "v0.0"

The output SBOM new.txt is v1.5 (also attached):

user@ubuntu2004:~$ cat test1.txt | jq
{
  "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",

user@ubuntu2004:~$ cat test2.txt | jq
{
  "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",

ash@ubuntu2004:~$ cat new.txt | jq
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",

new.txt
test1.txt
test2.txt

[Parisha7]

We are also facing similar issue. Is there any fix coming up soon?

[saloni410]

When can we expect the fix please ?