Add @JsonIgnore to transient AuthenticatorData fields

This fixes a crash in deserializing AuthenticatorData with
`com.upokecenter:cbor` versions later than 4.0.1.

Author: emlun

NEWS

@@ -4,6 +4,8 @@ Fixes:
 
 * `com.upokecenter:cbor` dependency bumped to minimum version 4.5.1 due to a
   known vulnerability, see: https://github.com/advisories/GHSA-fj2w-wfgv-mwq6
+* Fixed crash in `AuthenticatorData` deserialization with `com.upokecenter:cbor`
+  versions later than 4.0.1
 
 
 == Version 1.12.1 ==

webauthn-server-core/src/main/java/com/yubico/webauthn/data/AuthenticatorData.java

@@ -25,6 +25,7 @@
 package com.yubico.webauthn.data;
 
 import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.databind.SerializerProvider;
@@ -81,9 +82,9 @@ public class AuthenticatorData {
    *
    * @see #flags
    */
-  private final transient AttestedCredentialData attestedCredentialData;
+  @JsonIgnore private final transient AttestedCredentialData attestedCredentialData;
 
-  private final transient CBORObject extensions;
+  @JsonIgnore private final transient CBORObject extensions;
 
   private static final int RP_ID_HASH_INDEX = 0;
   private static final int RP_ID_HASH_END = RP_ID_HASH_INDEX + 32;