Figure out a strategy for updating public dependencies

[ehuss]

We are currently not able to update public dependencies exposed in the API due to semver breakage. There probably should be some strategy for how to handle this. For example, public re-exporting the crates so that users can keep the version in sync. Another alternative is to hide these via wrappers or shrinking the number of pub items.

Currently this affects:

• anyhow
• toml
• pulldown-cmark

Separately, backwards-incompatible behavioral changes in some dependencies may impact compatibility in a way that can't be detected automatically, such as:

• handlebars: If .hbs files are interpreted differently, or broken.

[max-sixty]

Would upgrading them and publishing an mdbook 0.5.0 make sense?

We're currently locked on an older version of pulldown-cmark in PRQL since we're pinned to the mdbook version...

Thank you!

[danieleades]

these are all leaky abstractions. It makes sense to release a new major version of md book that hides these abstractions behind interfaces so that future breaking changes can be avoided.

see #2037

using deprecations would be a nice way to help users migrate