First of all, if you bump the version of private dependency, this doesn't have any influence on your own version. It's just an implementation detail, and they can be changed in any version bump, including patches.
If you bump the version of public dependency (i.e. of something which appears in your API), however, that's the different story. In general, this change would be breaking, so you have to bump your own version too.
About 0.x in particular. In Semver, 0.x.y is treated as incompatible to 0.a.b, no matter the values for x, y, a and b (except the exact same versions, of course). In Cargo, 0.x.y is treated as compatible with 0.x.z, i.e., for 0.x versions, x is treated as a "effectively major", and it is expected that breaking changes will lead to its bump.
Together, this means that change from 0.1 to 0.2 in public API is generally breaking, as it would be in Semver; but change from 0.1.1 to 0.1.2, unlike Semver, is considered to be non-breaking.
To clarify private/public dependency: if in your crate you have pub use someothercate::SomeType that's visible to users, that makes it a public dependency. Similarly if you have a public function that takes or returns types from another crate, that makes it a public dependency. This is because in Rust/Cargo structs and enums are versioned, and structs from different major versions of the same crate are considered incompatible.
As for how 0.x works in Cargo: major version is the first non-zero number in the version, so 0.1.x and 0.2.x are as incompatible as 1.x.x and 2.x.x.
Unless of course the version bump in the private dependency creates a
breaking change in your library.
For example, if you provide a strong guarantee that your library can be
used with Rust version 1.52, and the new private dependency has MSRV
1.56, then – depending on your policy re MSRV – you may need to do a
major version bump, too.