Open apusic opened 5 months ago
pom.xml:

```xml
...
<dependency>
  <groupId>com.lframework</groupId>
  <artifactId>web-starter</artifactId>
  <version>1.0.0</version>
</dependency>
<dependency>
  <groupId>org.elasticsearch.client</groupId>
  <artifactId>transport</artifactId>
  <version>7.17.21</version>
</dependency>
...
```

Creating BOM:

```
mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom
```
The component in bom.xml has no licenses and no hashes, like:
```xml
<component type="library" bom-ref="pkg:maven/org.elasticsearch.client/transport@7.17.21?type=jar">
  <group>org.elasticsearch.client</group>
  <name>transport</name>
  <version>7.17.21</version>
  <scope>optional</scope>
  <purl>pkg:maven/org.elasticsearch.client/transport@7.17.21?type=jar</purl>
</component>
```
If I remove the web-starter dependency and create the BOM again, the components in bom.xml have licenses. Or, if I change the web-starter dependency version to 1.1.0, the components in bom.xml have licenses too.
```xml
<component type="library" bom-ref="pkg:maven/org.elasticsearch.client/transport@7.17.21?type=jar">
  <group>org.elasticsearch.client</group>
  <name>transport</name>
  <version>7.17.21</version>
  <description>Elasticsearch subproject :client:transport</description>
  <scope>optional</scope>
  <hashes>
    <hash alg="MD5">8acf5fd025d186503a2ebd39a9be3581</hash>
    <hash alg="SHA-1">4be20c827efad55b27120a294f001e47fb14eaed</hash>
    <hash alg="SHA-256">2eb185b7a0e0b7402b953a08a6dcac1bfab656f1472ef0f2bc5dc92233bc45a4</hash>
    ....
  </hashes>
  <licenses>
    <license>
      <name>Elastic License 2.0</name>
      <url>https://raw.githubusercontent.com/elastic/elasticsearch/v7.17.21/licenses/ELASTIC-LICENSE-2.0.txt</url>
    </license>
    <license>
      <id>SSPL-1.0</id>
      <url>https://www.mongodb.com/licensing/server-side-public-license</url>
    </license>
  </licenses>
  <purl>pkg:maven/org.elasticsearch.client/transport@7.17.21?type=jar</purl>
</component>
```
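An added example, not part of the original report or the plugin's code: a check that flags CycloneDX XML components generated without `<hashes>` or `<licenses>`, the symptom described above, so a build can fail instead of publishing an incomplete SBOM. The function names, the `com.example` component, and the 1.6 namespace in the sample are assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample BOM: the first component mirrors the incomplete entry from
# the report; the second (com.example, placeholder digest) is invented for contrast.
# The 1.6 namespace is an assumption; the code ignores the namespace entirely.
SAMPLE_BOM = """
<bom xmlns="http://cyclonedx.org/schema/bom/1.6" version="1">
  <components>
    <component type="library" bom-ref="pkg:maven/org.elasticsearch.client/transport@7.17.21?type=jar">
      <group>org.elasticsearch.client</group><name>transport</name><version>7.17.21</version>
      <scope>optional</scope>
      <purl>pkg:maven/org.elasticsearch.client/transport@7.17.21?type=jar</purl>
    </component>
    <component type="library" bom-ref="pkg:maven/com.example/complete-lib@1.0.0?type=jar">
      <group>com.example</group><name>complete-lib</name><version>1.0.0</version>
      <hashes><hash alg="SHA-256">CONSTRUCTED-PLACEHOLDER-DIGEST</hash></hashes>
      <licenses><license><id>Apache-2.0</id></license></licenses>
      <purl>pkg:maven/com.example/complete-lib@1.0.0?type=jar</purl>
    </component>
  </components>
</bom>
"""

def local(tag):
    """Strip the '{namespace}' prefix so any CycloneDX schema version matches."""
    return tag.rsplit("}", 1)[-1]

def kids(elem, name):
    """Direct children of elem whose local tag name equals name."""
    return [c for c in elem if local(c.tag) == name]

def incomplete_components(bom_xml):
    """Map purl (or bom-ref) -> missing fields, for entries under <components>."""
    findings = {}
    root = ET.fromstring(bom_xml)
    # Only children of <components> are checked; metadata/component is skipped.
    for container in (e for e in root.iter() if local(e.tag) == "components"):
        for comp in kids(container, "component"):
            hashes = [h for hs in kids(comp, "hashes")
                      for h in kids(hs, "hash") if (h.text or "").strip()]
            licenses = [lic for ls in kids(comp, "licenses") for lic in ls]
            missing = [n for n, found in (("hashes", hashes), ("licenses", licenses)) if not found]
            if missing:
                purl = kids(comp, "purl")
                findings[purl[0].text if purl else comp.get("bom-ref", "?")] = missing
    return findings

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BOM
    result = incomplete_components(data)
    for ref, missing in result.items():
        print(f"{ref}: missing {', '.join(missing)}")
    sys.exit(1 if result else 0)
```

Run with the path to a generated `bom.xml` as the only argument; with no argument it checks the embedded sample.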
Can you provide a simple reproducer project, to ease testing, please?