If a critical vulnerability is discovered in a widely used third-party library, what steps would you take?