This is the first plugin release we seen being forcibly updated by WordPress, since we released our update of Simple History that included Detection of forced plugin updates.
This time it was WooCommerce that was auto-updated from 10.5.2 to 10.5.3 on one of our websites. And it was a security update that was forced to install because it includes “important security hardening for the Store API batch endpoint”.
Without having Simple History installed we would ha no idea that the plugin was updated or why.
(For the tech savvy we wrote a blog post of what we did to detect these auto updates.)