Some of my apps use publicly available libraries. I feel comfortable downloading such libraries as jar files, given that the code of a jar stored locally is "safe" with me.
Sometimes, however, the library is only available to be added as a dependency in the module's build.gradle, as below:
implementation 'com.darth.vader.lib.filechooser:filechooser:1.1.0'
This worries me because I have zero control over that code, and no clue if/when it changes.
Can somebody enlighten me on the pros & cons of the 2 approaches, and on how I can "save" such "dependency" code?
Depending on where the filechooser:1.1.0 comes from, you do know when it changes (never).
Once the version is published in an immutable repository like maven-central or jcenter you can expect the version to remain immutable.