I don't think you can 'disable' YUI as there are still some parts that use it. It shouldn't matter. What are you trying to do?
Is there a possibility that the latest jQuery version will be integrated into moodle in one of the next patches? Or isn't moodle affected by this vulnerability in jQuery 3.4.1 at all?
I can confirm there is already an issue logged in Tracker to upgrade jQuery to 3.5.1. Please be aware that that as per our Security Procedures, the best thing to do if you suspect Moodle or any of its third party libraries have a potential security issue, is to raise a security issue in Tracker or send us an email (rather than posting in a public forum).
I cannot find the issue to upgrade jQuery to 3.5.1 in Tracker. Is there are special place for security tickets?
Is there any update on this issue?
I am currently working on upgrading of jQuery. Will submit issue for review soon