Updating the project from Angular 14 to Angular 18

Question

I have an old project which was written in Angular 14 and I am trying to upgrade that project to Angular 18.
My Angular version (Installed in my local machine):

ng version  

Project's Angular version:

Package.json:

{
  "name": "myapp",
  "version": "0.0.0",
  "scripts": {
    "ng": "ng",
    "start": "ng serve",
    "build": "ng build",
    "watch": "ng build --watch --configuration development",
    "test": "npm run test:headful:with-coverage",
    "test:headless:test-only": "ng test --karma-config karma.headless.conf.js",
    "test:headless:with-coverage": "ng test --karma-config karma.headless.conf.js --code-coverage",
    "test:headful:test-only": "ng test --karma-config karma.headful.conf.js",
    "test:headful:with-coverage": "ng test --karma-config karma.headful.conf.js --code-coverage"
  },
  "private": true,
  "dependencies": {
    "@angular/animations": "^12.2.0",
    "@angular/cdk": "^13.0.0",
    "@angular/common": "^14.2.0",
    "@angular/compiler": "^14.2.0",
    "@angular/core": "^14.2.0",
    "@angular/forms": "^14.2.0",
    "@angular/localize": "^14.2.0",
    "@angular/material": "^13.0.0",
    "@angular/material-moment-adapter": "^16.0.0",
    "@angular/platform-browser": "^14.2.0",
    "@angular/platform-browser-dynamic": "^14.2.0",
    "@angular/router": "^14.2.0",
    "@ng-bootstrap/ng-bootstrap": "^12.1.2",
    "@popperjs/core": "^2.10.2",
    "aws-amplify": "^4.3.30",
    "bootstrap": "^5.2.3",
    "bootstrap-icons": "^1.10.4",
    "chart.js": "^3.9.1",
    "chartjs-plugin-datalabels": "^2.1.0",
    "jquery": "^3.6.4",
    "leader-line": "^1.0.7",
    "moment": "^2.29.4",
    "ng2-charts": "^3.1.2",
    "ng2-search-filter": "0.4.7",
    "ngx-spinner": "^12.0.0",
    "popper.js": "^1.16.1",
    "rxjs": "~7.5.0",
    "tslib": "^2.3.0",
    "uuid": "^9.0.0",
    "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.2/xlsx-0.20.2.tgz",
    "xml2js": "^0.5.0",
    "zone.js": "~0.11.4"
  },
  "devDependencies": {
    "@angular-devkit/build-angular": "^14.2.11",
    "@angular/cli": "^18.2.9",
    "@angular/compiler-cli": "^14.2.0",
    "@types/jasmine": "4.0.0",
    "@types/uuid": "9.0.1",
    "@types/xml2js": "0.4.11",
    "jasmine-core": "~4.3.0",
    "karma": "~6.4.0",
    "karma-chrome-launcher": "~3.1.0",
    "karma-coverage": "~2.2.0",
    "karma-jasmine": "~5.1.0",
    "karma-jasmine-html-reporter": "~2.0.0",
    "timers-browserify": "^2.0.12",
    "typescript": "4.7.2"
  },
  "browser": {
    "crypto": false
  }
}  

npm audit report:

# npm audit report

axios  0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install aws-amplify@6.6.6, which is a breaking change
node_modules/axios
  @aws-amplify/api-rest  <=3.5.13 || 4.0.1-api-v6-models.01b2bb8.0 - 4.0.1-unstable.cfbde4c.0
  Depends on vulnerable versions of @aws-amplify/core
  Depends on vulnerable versions of axios
  node_modules/@aws-amplify/api-rest
    @aws-amplify/api  1.0.38-preview.45 - 1.0.38-preview.121 || 1.2.5-unstable.0 - 1.3.1-ui-preview.54 || 3.0.1-preview.0 - 5.4.6-v5-upgrade-axios.519b61b.0 || 6.0.1-api-v6-models.01b2bb8.0 - 6.0.1-unstable.cfbde4c.0 || 6.0.10-oauth-refactor-fix.6dd0cce.0 - 6.0.10-unstable.ef15561.0
    Depends on vulnerable versions of @aws-amplify/api-graphql
    Depends on vulnerable versions of @aws-amplify/api-rest
    node_modules/@aws-amplify/api
      @aws-amplify/datastore  1.0.7-preview.5316 - 1.0.7-unstable.4 || 1.0.9-PR-5187.36 - 1.0.9-preview.5387 || 2.0.1-preview.0 - 4.7.15 || 5.0.1-api-v6-models.01b2bb8.0 - 5.0.1-unstable.cfbde4c.0
      Depends on vulnerable versions of @aws-amplify/api
      Depends on vulnerable versions of @aws-amplify/auth
      Depends on vulnerable versions of @aws-amplify/core
      Depends on vulnerable versions of @aws-amplify/pubsub
      node_modules/@aws-amplify/datastore
        aws-amplify  1.1.31-preview.41 - 1.1.31-unstable.20 || 1.2.5-unstable.0 - 1.3.1-ui-preview.54 || 3.0.1-preview.0 - 5.3.25 || 6.0.1-api-v6-models.01b2bb8.0 - 6.0.1-unstable.cfbde4c.0 || 6.0.10-oauth-refactor-fix.6dd0cce.0 - 6.0.10-unstable.ef15561.0 || 6.0.31-unstable.40e6b7c.0 - 6.1.3
        Depends on vulnerable versions of @aws-amplify/analytics
        Depends on vulnerable versions of @aws-amplify/api
        Depends on vulnerable versions of @aws-amplify/auth
        Depends on vulnerable versions of @aws-amplify/cache
        Depends on vulnerable versions of @aws-amplify/core
        Depends on vulnerable versions of @aws-amplify/datastore
        Depends on vulnerable versions of @aws-amplify/geo
        Depends on vulnerable versions of @aws-amplify/interactions
        Depends on vulnerable versions of @aws-amplify/predictions
        Depends on vulnerable versions of @aws-amplify/pubsub
        Depends on vulnerable versions of @aws-amplify/storage
        Depends on vulnerable versions of @aws-amplify/xr
        node_modules/aws-amplify
    @aws-amplify/api-graphql  <=3.4.21 || 4.0.1-api-v6-models.01b2bb8.0 - 4.0.1-unstable.cfbde4c.0 || 4.0.10-oauth-refactor-fix.6dd0cce.0 - 4.0.10-unstable.462761.0 || 4.4.1-events.619318.0
    Depends on vulnerable versions of @aws-amplify/api-rest
    Depends on vulnerable versions of @aws-amplify/auth
    Depends on vulnerable versions of @aws-amplify/cache
    Depends on vulnerable versions of @aws-amplify/core
    Depends on vulnerable versions of @aws-amplify/pubsub
    node_modules/@aws-amplify/api-graphql
  @aws-amplify/storage  1.0.32-preview.47 - 1.0.32-unstable.26 || 1.3.1-ui-preview.3 - 1.3.1-ui-preview.54 || 3.0.1-preview.0 - 5.9.15 || 6.0.1-api-v6-models.01b2bb8.0 - 6.0.1-unstable.cfbde4c.0 || 6.6.10-events.619318.0 - 6.6.10-unstable.5c3f17a.0
  Depends on vulnerable versions of @aws-amplify/core
  Depends on vulnerable versions of @aws-sdk/client-s3
  Depends on vulnerable versions of axios
  node_modules/@aws-amplify/storage
    @aws-amplify/predictions  3.1.4-unstable.0 - 5.5.16 || 6.0.1-api-v6-models.13c9b49.0 - 6.0.1-unstable.cfbde4c.0 || 6.1.27-events.619318.0
    Depends on vulnerable versions of @aws-amplify/core
    Depends on vulnerable versions of @aws-amplify/storage
    node_modules/@aws-amplify/predictions

cookie  <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix --force`
Will install aws-amplify@6.6.6, which is a breaking change
node_modules/universal-cookie/node_modules/cookie
  universal-cookie  <=7.2.0
  Depends on vulnerable versions of cookie
  node_modules/universal-cookie
    @aws-amplify/core  3.4.7-ui-preview.9 - 3.4.7-unstable.17 || 3.4.8-unstable.1 - 5.8.13 || 6.0.1-api-v6-models.01b2bb8.0 - 6.0.1-unstable.cfbde4c.0
    Depends on vulnerable versions of universal-cookie
    node_modules/@aws-amplify/core
      @aws-amplify/analytics  3.2.8-ui-preview.9 - 3.2.8-unstable.17 || 3.2.9-unstable.1 - 6.5.13 || 7.0.1-api-v6-models.01b2bb8.0 - 7.0.1-unstable.cfbde4c.0 || 7.0.52-events.619318.0
      Depends on vulnerable versions of @aws-amplify/cache
      Depends on vulnerable versions of @aws-amplify/core
      node_modules/@aws-amplify/analytics
      @aws-amplify/auth  3.3.6-ui-preview.9 - 3.3.6-unstable.17 || 3.3.7-unstable.1 - 5.6.14 || 6.0.1-api-v6-models.01b2bb8.0 - 6.0.1-unstable.cfbde4c.0 || 6.0.10-oauth-refactor-fix.6dd0cce.0 - 6.0.10-unstable.ef15561.0
      Depends on vulnerable versions of @aws-amplify/cache
      Depends on vulnerable versions of @aws-amplify/core
      node_modules/@aws-amplify/auth
      @aws-amplify/cache  3.1.24-ui-preview.9 - 3.1.24-unstable.17 || >=3.1.25-unstable.1
      Depends on vulnerable versions of @aws-amplify/core
      node_modules/@aws-amplify/cache
        @aws-amplify/pubsub  3.0.25-ui-preview.9 - 3.0.25-unstable.17 || 3.0.26-unstable.1 - 5.6.1 || 6.0.1-api-v6-models.01b2bb8.0 - 6.0.1-unstable.cfbde4c.0 || 6.1.27-events.619318.0
        Depends on vulnerable versions of @aws-amplify/auth
        Depends on vulnerable versions of @aws-amplify/cache
        Depends on vulnerable versions of @aws-amplify/core
        node_modules/@aws-amplify/pubsub
      @aws-amplify/geo  <=2.3.13 || 3.0.1-api-v6-models.01b2bb8.0 - 3.0.1-unstable.cfbde4c.0
      Depends on vulnerable versions of @aws-amplify/core
      Depends on vulnerable versions of @aws-sdk/client-location
      node_modules/@aws-amplify/geo
      @aws-amplify/interactions  3.1.24-ui-preview.9 - 3.1.24-unstable.17 || 3.2.1-unstable.1 - 5.2.20
      Depends on vulnerable versions of @aws-amplify/core
      Depends on vulnerable versions of @aws-sdk/client-lex-runtime-service
      Depends on vulnerable versions of @aws-sdk/client-lex-runtime-v2
      node_modules/@aws-amplify/interactions
      @aws-amplify/xr  2.1.24-ui-preview.9 - 2.1.24-unstable.17 || >=2.1.25-unstable.1
      Depends on vulnerable versions of @aws-amplify/core
      node_modules/@aws-amplify/xr

fast-xml-parser  <4.1.2
Severity: moderate
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name - https://github.com/advisories/GHSA-x3cc-x39p-42qx
fix available via `npm audit fix --force`
Will install aws-amplify@6.6.6, which is a breaking change
node_modules/@aws-sdk/client-sts/node_modules/fast-xml-parser
node_modules/fast-xml-parser
  @aws-sdk/client-s3  <=3.6.1 || 3.7.0 - 3.272.0
  Depends on vulnerable versions of fast-xml-parser
  node_modules/@aws-sdk/client-s3
  @aws-sdk/client-sts  <=3.54.1 || 3.55.0 - 3.186.0 || 3.188.0 - 3.272.0
  Depends on vulnerable versions of fast-xml-parser
  node_modules/@aws-sdk/client-sts
    @aws-sdk/client-lex-runtime-service  3.12.0 - 3.186.0 || 3.188.0 - 3.272.0
    Depends on vulnerable versions of @aws-sdk/client-sts
    node_modules/@aws-sdk/client-lex-runtime-service
    @aws-sdk/client-lex-runtime-v2  <=3.186.0 || 3.188.0 - 3.272.0
    Depends on vulnerable versions of @aws-sdk/client-sts
    node_modules/@aws-sdk/client-lex-runtime-v2
    @aws-sdk/client-location  <=3.186.0 || 3.188.0 - 3.272.0
    Depends on vulnerable versions of @aws-sdk/client-sts
    node_modules/@aws-sdk/client-location

webpack  5.0.0-alpha.0 - 5.93.0
Severity: moderate
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS - https://github.com/advisories/GHSA-4vvj-4cpr-p986
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@18.2.10, which is a breaking change
node_modules/@angular-devkit/build-angular/node_modules/webpack
  @angular-devkit/build-angular  <=16.2.14 || 17.0.0-next.0 - 17.3.8 || 18.0.0-next.0 - 18.2.1 || 19.0.0-next.0 - 19.0.0-next.1
  Depends on vulnerable versions of webpack
  Depends on vulnerable versions of webpack-dev-middleware
  node_modules/@angular-devkit/build-angular

webpack-dev-middleware  <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
fix available via `npm audit fix --force`
Will install @angular-devkit/build-angular@18.2.10, which is a breaking change
node_modules/webpack-dev-middleware

27 vulnerabilities (8 low, 17 moderate, 2 high)  

How can I update the project from Angular 14 to Angular 18 without breaking the changes?