diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 # Haskell WebAuthn Library
 
+[![Hackage](https://img.shields.io/hackage/v/webauthn.svg)](https://hackage.haskell.org/package/webauthn)
+
 This library implements the server-side
 [Web Authentication Relying Party specification Level 2][spec]. The goal of Web
 Authentication (WebAuthn) is to bring passwordless login/second factor
diff --git a/changelog.md b/changelog.md
new file mode 100644
--- /dev/null
+++ b/changelog.md
@@ -0,0 +1,12 @@
+### 0.1.1.0
+
+* [#111](https://github.com/tweag/webauthn/pull/111) Support the
+  [`transports`](https://www.w3.org/TR/webauthn-2/#dom-authenticatorattestationresponse-transports-slot)
+  field, allowing servers to store information from the browser on how
+  authenticators were communicated with (e.g. internal, NFC, etc.). When users
+  log in, this information can then be passed along in [Credential
+  Descriptors](https://www.w3.org/TR/webauthn-2/#dictdef-publickeycredentialdescriptor),
+  ensuring that only the transports initially registered as supported by the
+  authenticator may be used. This is recommended by the standard.
+* [#112](https://github.com/tweag/webauthn/pull/112) Decrease lower bounds for
+  aeson and unordered-containers.
diff --git a/src/Crypto/WebAuthn/Model/Types.hs b/src/Crypto/WebAuthn/Model/Types.hs
--- a/src/Crypto/WebAuthn/Model/Types.hs
+++ b/src/Crypto/WebAuthn/Model/Types.hs
@@ -1201,16 +1201,14 @@
       -- For more details, see [§ 6.5 Attestation](https://www.w3.org/TR/webauthn-2/#sctn-attestation),
       -- [§ 6.5.4 Generating an Attestation Object](https://www.w3.org/TR/webauthn-2/#sctn-generating-an-attestation-object),
       -- and [Figure 6](https://www.w3.org/TR/webauthn-2/#fig-attStructs).
-      arrAttestationObject :: AttestationObject raw
-      -- TODO: This property is currently not propagated by webauthn-json. See:
-      -- <https://github.com/github/webauthn-json/pull/44>
-      -- [(spec)](https://www.w3.org/TR/webauthn-2/#dom-authenticatorattestationresponse-gettransports)
+      arrAttestationObject :: AttestationObject raw,
+      -- | [(spec)](https://www.w3.org/TR/webauthn-2/#dom-authenticatorattestationresponse-gettransports)
       -- This [internal slot](https://tc39.github.io/ecma262/#sec-object-internal-methods-and-internal-slots)
       -- contains a sequence of zero or more unique `[DOMString](https://heycam.github.io/webidl/#idl-DOMString)`s
       -- in lexicoaraphical order. These values are the transports that the
       -- [authenticator](https://www.w3.org/TR/webauthn-2/#authenticator) is believed to support,
       -- or an empty sequence if the information is unavailable.
-      -- arrTransports :: Set AuthenticatorTransport
+      arrTransports :: [AuthenticatorTransport]
     } ->
     AuthenticatorResponse 'Registration raw
   -- | [(spec)](https://www.w3.org/TR/webauthn-2/#authenticatorassertionresponse)
diff --git a/src/Crypto/WebAuthn/Model/WebIDL/Internal/Decoding.hs b/src/Crypto/WebAuthn/Model/WebIDL/Internal/Decoding.hs
--- a/src/Crypto/WebAuthn/Model/WebIDL/Internal/Decoding.hs
+++ b/src/Crypto/WebAuthn/Model/WebIDL/Internal/Decoding.hs
@@ -232,6 +232,9 @@
   decodeCreated supportedFormats IDL.AuthenticatorAttestationResponse {..} = do
     arrClientData <- decode clientDataJSON
     arrAttestationObject <- decodeCreated supportedFormats attestationObject
+    arrTransports <- case transports of
+      Nothing -> pure []
+      Just t -> decode t
     pure $ M.AuthenticatorResponseRegistration {..}
 
 instance DecodeCreated (M.Credential 'K.Registration 'True) where
diff --git a/src/Crypto/WebAuthn/Model/WebIDL/Internal/Encoding.hs b/src/Crypto/WebAuthn/Model/WebIDL/Internal/Encoding.hs
--- a/src/Crypto/WebAuthn/Model/WebIDL/Internal/Encoding.hs
+++ b/src/Crypto/WebAuthn/Model/WebIDL/Internal/Encoding.hs
@@ -212,7 +212,8 @@
   encode M.AuthenticatorResponseRegistration {..} =
     IDL.AuthenticatorAttestationResponse
       { clientDataJSON = encode arrClientData,
-        attestationObject = encode arrAttestationObject
+        attestationObject = encode arrAttestationObject,
+        transports = Just $ encode arrTransports
       }
 
 -- | [(spec)](https://www.w3.org/TR/webauthn-2/#dom-authenticatorattestationresponse-attestationobject)
diff --git a/src/Crypto/WebAuthn/Model/WebIDL/Types.hs b/src/Crypto/WebAuthn/Model/WebIDL/Types.hs
--- a/src/Crypto/WebAuthn/Model/WebIDL/Types.hs
+++ b/src/Crypto/WebAuthn/Model/WebIDL/Types.hs
@@ -180,7 +180,11 @@
   { -- | [(spec)](https://www.w3.org/TR/webauthn-2/#dom-authenticatorresponse-clientdatajson)
     clientDataJSON :: IDL.ArrayBuffer,
     -- | [(spec)](https://www.w3.org/TR/webauthn-2/#dom-authenticatorattestationresponse-attestationobject)
-    attestationObject :: IDL.ArrayBuffer
+    attestationObject :: IDL.ArrayBuffer,
+    -- | [(spec)](https://www.w3.org/TR/webauthn-2/#dom-authenticatorattestationresponse-transports-slot)
+    -- This field is only being propagated by webauthn-json [since recently](https://github.com/github/webauthn-json/pull/44),
+    -- which is why we allow absence of this value
+    transports :: Maybe [IDL.DOMString]
   }
   deriving (Eq, Show, Generic)
   deriving (Aeson.FromJSON, Aeson.ToJSON) via JSONEncoding AuthenticatorAttestationResponse
diff --git a/src/Crypto/WebAuthn/Operation/CredentialEntry.hs b/src/Crypto/WebAuthn/Operation/CredentialEntry.hs
--- a/src/Crypto/WebAuthn/Operation/CredentialEntry.hs
+++ b/src/Crypto/WebAuthn/Operation/CredentialEntry.hs
@@ -16,6 +16,7 @@
   { ceCredentialId :: M.CredentialId,
     ceUserHandle :: M.UserHandle,
     cePublicKeyBytes :: M.PublicKeyBytes,
-    ceSignCounter :: M.SignatureCounter
+    ceSignCounter :: M.SignatureCounter,
+    ceTransports :: [M.AuthenticatorTransport]
   }
   deriving (Eq, Show, Generic, ToJSON)
diff --git a/src/Crypto/WebAuthn/Operation/Registration.hs b/src/Crypto/WebAuthn/Operation/Registration.hs
--- a/src/Crypto/WebAuthn/Operation/Registration.hs
+++ b/src/Crypto/WebAuthn/Operation/Registration.hs
@@ -43,6 +43,7 @@
         ceCredentialId,
         cePublicKeyBytes,
         ceSignCounter,
+        ceTransports,
         ceUserHandle
       ),
   )
@@ -405,7 +406,8 @@
                 { ceUserHandle = M.cueId $ M.corUser options,
                   ceCredentialId = M.cIdentifier credential,
                   cePublicKeyBytes = M.PublicKeyBytes $ M.unRaw acdCredentialPublicKeyBytes,
-                  ceSignCounter = M.adSignCount authData
+                  ceSignCounter = M.adSignCount authData,
+                  ceTransports = M.arrTransports $ M.cResponse credential
                 },
             rrAttestationStatement = attStmt
           }
diff --git a/tests/Emulation/Client.hs b/tests/Emulation/Client.hs
--- a/tests/Emulation/Client.hs
+++ b/tests/Emulation/Client.hs
@@ -89,7 +89,8 @@
             M.cResponse =
               M.AuthenticatorResponseRegistration
                 { M.arrClientData = clientData,
-                  M.arrAttestationObject = attestationObject
+                  M.arrAttestationObject = attestationObject,
+                  M.arrTransports = []
                 },
             M.cClientExtensionResults = M.AuthenticationExtensionsClientOutputs {}
           }
diff --git a/tests/Main.hs b/tests/Main.hs
--- a/tests/Main.hs
+++ b/tests/Main.hs
@@ -191,6 +191,14 @@
         True
         registry
         predeterminedDateTime
+    it "the response with transports information works" $
+      registerTestFromFile
+        "tests/responses/attestation/with-transports.json"
+        "https://infinisil.webauthn.dev.tweag.io"
+        "infinisil.webauthn.dev.tweag.io"
+        True
+        registry
+        predeterminedDateTime
   describe "AndroidKey register" $ do
     it "tests whether the fixed android key register has a valid attestation" $
       registerTestFromFile
@@ -318,7 +326,8 @@
               . M.adAttestedCredentialData
               . M.aoAuthData
               $ M.arrAttestationObject cResponse,
-          ceSignCounter = M.adSignCount . M.aoAuthData $ M.arrAttestationObject cResponse
+          ceSignCounter = M.adSignCount . M.aoAuthData $ M.arrAttestationObject cResponse,
+          ceTransports = M.arrTransports cResponse
         }
 
 defaultPublicKeyCredentialCreationOptions :: M.Credential 'M.Registration raw -> M.CredentialOptions 'M.Registration
diff --git a/tests/Spec/Types.hs b/tests/Spec/Types.hs
--- a/tests/Spec/Types.hs
+++ b/tests/Spec/Types.hs
@@ -90,7 +90,7 @@
   arbitrary = arbitraryBoundedEnum
 
 instance Arbitrary (M.AuthenticatorResponse 'M.Registration 'False) where
-  arbitrary = M.AuthenticatorResponseRegistration <$> arbitrary <*> arbitrary
+  arbitrary = M.AuthenticatorResponseRegistration <$> arbitrary <*> arbitrary <*> arbitrary
 
 instance Arbitrary M.AssertionSignature where
   arbitrary = M.AssertionSignature <$> arbitrary
diff --git a/tests/responses/attestation/with-transports.json b/tests/responses/attestation/with-transports.json
new file mode 100644
--- /dev/null
+++ b/tests/responses/attestation/with-transports.json
@@ -0,0 +1,12 @@
+{
+  "clientExtensionResults": {},
+  "rawId": "KUf81qzsKaofpSlxy5avzDu3hrHHLFMdGhNZOts9YDCC_lTspfkVUGlhaHwfxPJ6h3sWPPS6XkcI_2N3FbXfyQ",
+  "response": {
+    "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgTApe7qutMMPaNPA7NfFC21_-m46k4EWuh3BmKDYSDAoCIGB6A04-n7TYGJsc474JTayLKqSuUs2cvIorGreIvpS1Y3g1Y4FZAsEwggK9MIIBpaADAgECAgQej4c0MA0GCSqGSIb3DQEBCwUAMC4xLDAqBgNVBAMTI1l1YmljbyBVMkYgUm9vdCBDQSBTZXJpYWwgNDU3MjAwNjMxMCAXDTE0MDgwMTAwMDAwMFoYDzIwNTAwOTA0MDAwMDAwWjBuMQswCQYDVQQGEwJTRTESMBAGA1UECgwJWXViaWNvIEFCMSIwIAYDVQQLDBlBdXRoZW50aWNhdG9yIEF0dGVzdGF0aW9uMScwJQYDVQQDDB5ZdWJpY28gVTJGIEVFIFNlcmlhbCA1MTI3MjI3NDAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASoefgjOO0UlLrAcEvMf8Zj0bJxcVl2JDEBx2BRFdfBUp4oHBxnMi04S1zVXdPpgY1f2FwirzJuDGT8IK_jPyNmo2wwajAiBgkrBgEEAYLECgIEFTEuMy42LjEuNC4xLjQxNDgyLjEuNzATBgsrBgEEAYLlHAIBAQQEAwIEMDAhBgsrBgEEAYLlHAEBBAQSBBAvwFefgRNH6rEWu1qNuSAqMAwGA1UdEwEB_wQCMAAwDQYJKoZIhvcNAQELBQADggEBAIaT_2LfDVd51HSNf8jRAicxio5YDmo6V8EI6U4Dw4Vos2aJT85WJL5KPv1_NBGLPZk3Q_eSoZiRYMj8muCwTj357hXj6IwE_IKo3L9YGOEI3MKWhXeuef9mK5RzTj3sRZcwXXPm5V7ivrnNlnjKCTXlM-tjj44m-ruBfNpEH76YMYMq5fbirZkvnrvbTGIji4-NerSB1tMmO82_nkpXVQNwmIrVgTRA-gMsrbZyPK3Y-Ne6gJ91tDz_oKW5rdFCMu-dnhSBJjgjPEykqHO5-KyY4yuhkWdgbhWQn83bSi3_va5GICSfmmZGrIHkgy0RGf6_qnMaiC2iWneCfUbRkBdoYXV0aERhdGFYxHzbgD-dWYiJjEu61dG4h-4WDe8NvHGqRb7HCEWeUfR8RQAAAAMvwFefgRNH6rEWu1qNuSAqAEApR_zWrOwpqh-lKXHLlq_MO7eGsccsUx0aE1k62z1gMIL-VOyl-RVQaWFofB_E8nqHexY89LpeRwj_Y3cVtd_JpQECAyYgASFYIKemkuzSyPwRFCcRBY4lmbhgQSCAfNTSJoDOnzokwUzuIlgglCsWjxTR4Dmb1CNnRcSmQxfKCL7cpqmS6xZLOU_xY7w",
+    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiZDdicFlRQUFBQURudERoamV5NlB5eGcwb1RpTnZEc1kiLCJvcmlnaW4iOiJodHRwczovL2luZmluaXNpbC53ZWJhdXRobi5kZXYudHdlYWcuaW8iLCJjcm9zc09yaWdpbiI6ZmFsc2V9",
+    "transports": [
+      "nfc",
+      "usb"
+    ]
+  }
+}
diff --git a/webauthn.cabal b/webauthn.cabal
--- a/webauthn.cabal
+++ b/webauthn.cabal
@@ -1,6 +1,6 @@
 cabal-version: 2.4
 name: webauthn
-version: 0.1.0.0
+version: 0.1.1.0
 license: Apache-2.0
 license-file: LICENSE
 copyright:
@@ -21,10 +21,16 @@
   of the [Web Authentication Level 2](https://www.w3.org/TR/webauthn-2/) specification.
   This allows web applications to create strong, attested, scoped, public key-based
   credentials for the purpose of strongly authenticating users.
+  .
+  While the general design of the library won't change, it's still in an alpha
+  state, so smaller breaking changes should be expected for now. We will
+  however follow the [PVP](https://pvp.haskell.org/) and properly label changes
+  with the appropriate version increase.
 category: Web, Authentication
 tested-with: GHC == 8.10.7
 extra-source-files:
   README.md,
+  changelog.md,
   root-certs/**/*.crt,
   tests/golden-metadata/big/blob.jwt,
   tests/golden-metadata/big/payload.json,
@@ -62,7 +68,7 @@
     base                  >= 4.14.3 && < 4.15,
     -- deriving-aeson has compilation performance problems with aeson >= 2.0,
     -- see https://github.com/fumieval/deriving-aeson/issues/16
-    aeson                 >= 1.5.6 && < 2.0,
+    aeson                 >= 1.4.7.1 && < 2.0,
     asn1-encoding         >= 0.9.6 && < 0.10,
     asn1-parse            >= 0.9.5 && < 0.10,
     asn1-types            >= 0.3.4 && < 0.4,
@@ -86,7 +92,7 @@
     singletons            >= 2.7 && < 2.8,
     text                  >= 1.2.4 && < 1.3,
     time                  >= 1.9.3 && < 1.10,
-    unordered-containers  >= 0.2.16 && < 0.3,
+    unordered-containers  >= 0.2.11.0 && < 0.3,
     uuid                  >= 1.3.15 && < 1.4,
     validation            >= 1.1.2 && < 1.2,
     x509                  >= 1.7.5 && < 1.8,
