If you write code, part of the documentation before you start should be a "risks" statement, where you state that a dependency on X external, third party library, exists, and that any vulnerability could cause issues in your application. Also, that substantial upgrades to the library interface will affect maintainability if any interfaces are changed, or are deprecated.
When someone throws a pile of libraries at a problem, that risk statement gets lengthy.
Which is all well and good if you're doing greenfield development. It's not so good when you're inherited a codebase where none of this was done in the first place, and you're tasked to keep it going. As I said, the real world can be a messy place. In my case, the previous lead architect just threw immature libraries at every problem willy-nilly, at a time before I worked for the company. I get to inherit the problems this lack of foresight caused, and don't have the benefit of going backwards to fix it.
Your problem isn't with using external libraries, it's using ones without service contracts, or immature ones. And you're reacting by throwing out the baby, bathwater, bathtub, house, plumbing infrastructure, and electrical grid.
I don't disagree -- I'm hardly anti-library (you won't get too far in development without them, unless you're doing low-level embedded work). I like a good, stable, well-designed library that has been around for a long time, and where breaking changes are rare. Unfortunately, when the previous architect would throw a library at every problem that may have required eight lines of code, without care for anything other than ensuring the library license permits us to ship it.
And FWIW, I have brought these issues up with management. Their stance is they don't want to see any backend changes of any sort (where the bulk of our library woes lie) -- their focus is on the front end only. They're more than happy to defer the risks to some unspecified future.
As I said, the real world of development can be messy. I'm stuck with a codebase that is full of immature libraries, libraries that are no longer maintained, and libraries with bugs where getting new libraries introduces major changes requiring major refactors. If I were permitted to start fresh, I'd be doing things the way you described, and we wouldn't rely so much on "randomLibrary.jar" that was someones pet project seven years ago with 'LGPL' attached to it, but which has since been rewritten or abandoned. It's a willy-nilly application of such libraries to every problem that crops up without any analysis that I'm against, and not the use of libraries in any and all situations.