Docker automatically upgrades if you tell it to by specifying “latest” or not specifying a version number. But it only upgrades if you issue the pull command or the compose up command. There are ways to start without a pull like using start or restart. So yes, there was warning and something you did actively told it to upgrade.
And it’s really bad practice to update any software without testing, especially between breaking/major version numbers.
Finally, it’s not uncommon for a platform to release its update and then the plugins or addons to follow. Especially with major updates that require lots of testing before release. This allows plugin/add-on makers to fully test their software with the release version of the platform rather than all of the plugin makers having to wait for one that may be lagging behind.
Which is why this will be fleeting if it ever gets implemented at all. Companies won’t allow it until they can spin it to their satisfaction. For now if it’s just CA, they can say “oh crazy CA and their crazy regulations” just like they say about the cancer warnings which actually are quite useful in reducing your lifetime cumulative exposure even if the chemicals from a single product won’t kill you immediately.