This goes not just for dependency injection, but for anything where there's an option to use both XML configuration and annotations: Prefer annotations for settings that are unlikely to change, and XML for settings that can change after deployment.
Actually, java configuration is the way to go*. Main reasons for this are that this means the configuration is in one central place (same as XML), but also it provides type safety.
However as soon as you start using anything like spring boot, you will also start to use component scanning to configure resources, as well as using java config for the dependency injection in your code.
* with two exceptions (IMHO) - XML is far easier to understand when using security and integration. And STS can display a graphical representation of the integration components when used with XML.