Directly patching the code, then letting the distros do their thing.
I have no idea what the protocol is if I wouldn’t want to update some application.
You’d just put it in an exclude list in your specific package managers config file for example. The depends are forward compatible and will just keep updating as normal. Very very rarely is there ever a case where forward compatibility is broken, and if it ever is the devs did so for a very thought out reason.
blocking updating because you have or don’t have something else on your system seems to be basically the norm with Linux.
It is yes. Because if you don’t have a library an application depends on then it just won’t run.
Except “have”, that’s not a real scenario; it’s always a matter of not having something; there’s packages that may conflict because they provide a different implementation of the same interface, but you’ll never be blocked by an application that depends on that interface.
The dependencies are defined by the distro maintainers when they packaged the software.
It ensures that package will function properly when installed.
If you really really want a really really old version of something that depends on deprecated dependencies/libs, there’s always portable and universal package solutions that include those specific deps with it instead of relying on system libs.