It appears that optional dependencies are never upgraded when loading detached and bundled plugins, even if the installed version is older than a version requested by one of the bundled plugins. Discovered by danielbeck while investigating JENKINS-48604, see https://github.com/jenkinsci/jenkins/pull/3201#discussion_r157554680 for the initial comment, and commit eb77e5f for an untested fix.

I don't have an actual example of this in the wild, but here is the idea of how to reproduce:

1. Assume a plugin artifactA with two releases: 1.0 and 2.0
2. Assume a plugin artifactB, with a single release 1.0, which has an optional dependency on artifactA:2.0
3. Create a fresh Jenkins installation and install a plugin artifactA:1.0.
4. Upgrade Jenkins using a jenkins.war which has artifactB:1.0 bundled in /WEB-INF/plugins.
5. Expected Result: artifactA should be automatically updated to 2.0.
6. Actual Result: artifactA is still 1.0.