CycloneDX V1.6 - Components and services under Declarations.Targets should be unique

[gborough]

The uniqueness of components and services types are enforced everywhere, except under the Declarations.Targets type.

Currently it looks like this: https://github.com/CycloneDX/specification/blob/d2948509102647896eeedcddd76112b4d286acee/schema/bom-1.6.schema.json#L407-L432

I think it should include uniqueness like this?

{
        "targets": {
          "type": "object",
          "title": "Targets",
          "description": "The list of targets which claims are made against.",
          "additionalProperties": false,
          "properties": {
            "organizations": {
              "type": "array",
              "title": "Organizations",
              "description": "The list of organizations which claims are made against.",
              "items": {"$ref": "#/definitions/organizationalEntity"}
            },
            "components": {
              "type": "array",
              "title": "Components",
              "description": "The list of components which claims are made against.",
              "items": {"$ref": "#/definitions/component"},
              "uniqueItems": true //     <----------------------------
            },
            "services": {
              "type": "array",
              "title": "Services",
              "description": "The list of services which claims are made against.",
              "items": {"$ref": "#/definitions/service"},
              "uniqueItems": true //      <----------------------------
            }
          }
        },
}

[stevespringett]

@jkowalleck should we target this for 1.7?

[jkowalleck]

in the past, things could be duplicated, but from $then on, this would be forbidden?

i do not see away to introduce this i a non-breaking way.