First of all, if you bump the version of private dependency, this doesn't have any influence on your own version. It's just an implementation detail, and they can be changed in any version bump, including patches.
If you bump the version of public dependency (i.e. of something which appears in your API), however, that's the different story. In general, this change would be breaking, so you have to bump your own version too.
About 0.x in particular. In Semver, 0.x.y is treated as incompatible to 0.a.b, no matter the values for x, y, a and b (except the exact same versions, of course). In Cargo, 0.x.y is treated as compatible with 0.x.z, i.e., for 0.x versions, x is treated as a "effectively major", and it is expected that breaking changes will lead to its bump.
Together, this means that change from 0.1 to 0.2 in public API is generally breaking, as it would be in Semver; but change from 0.1.1 to 0.1.2, unlike Semver, is considered to be non-breaking.