The workflow has been disabled to run on a scheduled basis in https://github.com/spring-projects/spring-security/issues/14732.
That happened because we might have different needs for different branches, for example, we might want to accept minor versions for the main branch while only accepting patch versions for the other branches. The tool used to generate the dependabot.yml based on the template should be updated to consider such scenarios.