This seems to me like a false dillema between forced upgrade due to dependencies and not using shared libraries.
I think that there is in general no technical problem to have multiple versions of the same library installed (files in /usr/lib are versioned anyway and for other data the libraries can be compiled with prefix including version).
Then, package system could handle different major/minor versions of libraries as different entities, handle upgrade of major/minor versions through dependencies from installed/upgraded packages, and only upgrade library directly for patch-version change (i.e. security bugfix).
In such setup, there would be several instances of a popular library installed on a system, but not say hundreds partial instances statically compiled-in to applications. And it still allows simple updates of libraries for patch fixes.
I think that there is in general no technical problem to have multiple versions of the same library installed (files in /usr/lib are versioned anyway and for other data the libraries can be compiled with prefix including version).
Then, package system could handle different major/minor versions of libraries as different entities, handle upgrade of major/minor versions through dependencies from installed/upgraded packages, and only upgrade library directly for patch-version change (i.e. security bugfix).
In such setup, there would be several instances of a popular library installed on a system, but not say hundreds partial instances statically compiled-in to applications. And it still allows simple updates of libraries for patch fixes.