How would you approach a situation where a critical vulnerability is discovered in a third-party software library used by Hulu?