Core software is worlds apart from some client app.

Dependencies get compromised, supply chain attacks are extremely real. If you write a webapp do whatever works for you. If you write software with a blast radius as large as SQLite's then please consider not pulling in some vulnerable third party lib for a nice to have.