I've found git submodules to achieve the best of both worlds: dependency sources are readily available as part of my own projects, <i>and</i> it's straightforward to update them if need be. The only wrinkle is that a plain ol' `git clone` doesn't pull everything by default, but can be worked around with a clarifying note in the README or by making it part of the build process.<p>Obviously there's a time and a place - if a language or build system I'm using includes dependency retrieval/resolution for projects, then that's usually my preference. But for things like C (and, currently, Zig) that lack such things, vendoring with git submodules is pretty nice.