The “vendor approach” means absorbing a third-party library directly into a project: you create a “vendor” directory and put the library and all of its dependencies in that directory.
This might seem to be a reasonable solution because it means that the library is now static and embedded in your project. Sure, it has a bit of security built in, since you control what changes are implemented in the version you have locally. But unfortunately, if the third-party lib is under active development, it may be prohibitively expensive to maintain alongside your own code.
My recommendation is that you fork the code so that you have your own copy. This can get a bit hairy when the code has deeper dependencies, and for that reason alone this might not be the right library for you. In my case I might build a pkg, import one third-party lib, and the rest is limited to the standard lib, reducing the risk based on change. This will also make it easy to merge pull requests.