When is it (not) appropriate to bundle dependencies with an application?

Question

Summary

I recently had a conversation with the creator of a framework that one of my applications depends on. During that conversation he mentioned as

Answer 1

I always include all dependancies for my web applications. Not only does this make installation simpler, the application remains stable and working the way you expect it to even when other components on the system are upgraded.

Answer 2

Just my experience, take it with a grain of salt.

My preference for a couple of open-source libraries that I author is for independence from additional libs as much as possible. Reason being, not only am I on the hook for distribution of additional libraries along with mine, I'm also obliged to update my application for compatibility as those other libraries are updated as well.

From the libraries I've used from others that carry dependencies of "common" libraries, invariably I end up with requiring multiple versions of the common library on my system. The relative update speed of the niche libraries I'm using just isn't that fast, while the common libraries are updated much more often. Versioning hell.

But that's speaking generically. If I can aid my project and users NOW by incorporating a dependency, I'm always looking at the downstream and later-date effects of that decision. If I can manage it, I can confidently include the dependency.

As always, your mileage may vary.