[BUG] XML Schema Violation: `externalReferences.hashes` included in XML BOM schema versions 1.1 and 1.2

[madpah]

Example BOM generation:

bom = Bom(components=[
        Component(
            name='toml', version='0.10.2', bom_ref='pkg:pypi/toml@0.10.2?extension=tar.gz',
            purl=PackageURL(
                type='pypi', name='toml', version='0.10.2', qualifiers='extension=tar.gz'
            ), hashes=[
                HashType.from_composite_str('sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b')
            ], external_references=[
                get_external_reference_1()
            ]
        )
    ])

Generates

...
<externalReferences>
                <reference type="distribution">
                    <url>https://cyclonedx.org</url>
                    <comment>No comment</comment>
                    <hashes>
                        <hash alg="SHA-256">806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b</hash>
                    </hashes>
                </reference>
            </externalReferences>
...

.externalReferences.hashes is not part of the schema prior to version 1.3.

[madpah]

Confirmed this doesn't affect 1.0 output as externalReferences is not supported full stop and is not included in 1.0.