CycloneDX / cyclonedx-go

Go library to consume and produce CycloneDX Software Bill of Materials (SBOM)

Home Page: https://cyclonedx.org/

Support multiple spec versions

nscuro opened this issue

Supporting only the latest spec version drastically limits upgradability and may break some workflows. We should support all versions, as well as converting between them. While the CLI certainly can do that too, this library should be able to do it as well.

Will have to make sure that spec version specific package names are compatible with Go's major versioning strategies, see https://blog.golang.org/v2-go-modules

Another solution could be to release a new major version every time the supported spec version is incremented.

Implemented in #51. Instead of introducing separate models for every spec version, or solving this via versioning of the module itself, we now "downgrade" the BOM before encoding it if necessary.

This makes working with the model a lot simpler.
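The downgrade-before-encode approach described in the closing comment, as an added sketch that is not cyclonedx-go's code: the `BOM`, `SpecVersion`, `Downgrade` and `EncodeAs` names are hypothetical, and the spec version in which each field first appears is stated as an assumption. It also returns the names of the fields it clears, since a downgrade that drops `vulnerabilities` without notice produces an SBOM that looks clean to downstream consumers.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// SpecVersion is the minor version of spec 1.x (hypothetical type).
type SpecVersion int

const V1_1, V1_2, V1_3, V1_4 SpecVersion = 1, 2, 3, 4

// BOM is a hypothetical, heavily reduced single model shared by all versions.
type BOM struct {
	SpecVersion     string   `json:"specVersion"`
	Components      []string `json:"components,omitempty"`
	Services        []string `json:"services,omitempty"`        // assumed: 1.2+
	Compositions    []string `json:"compositions,omitempty"`    // assumed: 1.3+
	Vulnerabilities []string `json:"vulnerabilities,omitempty"` // assumed: 1.4+
}

// Downgrade clears fields newer than target on a copy of bom and returns their names.
func Downgrade(bom BOM, target SpecVersion) (BOM, []string) {
	var dropped []string
	drop := func(name string, since SpecVersion, field *[]string) {
		if target < since && len(*field) > 0 {
			*field, dropped = nil, append(dropped, name)
		}
	}
	bom.SpecVersion = fmt.Sprintf("1.%d", int(target))
	drop("services", V1_2, &bom.Services)
	drop("compositions", V1_3, &bom.Compositions)
	drop("vulnerabilities", V1_4, &bom.Vulnerabilities)
	return bom, dropped
}

// EncodeAs downgrades first, then encodes: the order the issue describes.
func EncodeAs(bom BOM, target SpecVersion) ([]byte, []string, error) {
	out, dropped := Downgrade(bom, target)
	data, err := json.Marshal(out)
	return data, dropped, err
}

func main() {
	// Constructed sample BOM; the vulnerability id is a placeholder.
	bom := BOM{Components: []string{"lib-a"}, Services: []string{"api"}, Vulnerabilities: []string{"VULN-PLACEHOLDER"}}
	data, dropped, _ := EncodeAs(bom, V1_2)
	fmt.Printf("%s\ndropped: %v\n", data, dropped)
}
```

A pipeline that targets an older spec version can fail the build or log a warning when the returned list is non-empty instead of shipping the reduced BOM unnoticed.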