If you aren't using ansi-html directly but rely on dependencies that use it, you should instead set up a resolutions section in package.json. (You should never edit package-lock.json directly since it is regenerated every time you run npm install). You just need to provide a link to the tarball where you would normally specify the overriding version number. Your resolutions section of package.json should look like this:

"resolutions": {
    "ansi-html": "https://registry.npmjs.org/ansi-html-community/-/ansi-html-community-0.0.8.tgz"
}

Please refer to this post for more details:

How to override a nested npm sub-dependency with a different package altogether (not just different package version number)?

Uncontrolled Resource Consumption in ansi-html (CVE-2021-23424) is a vulnerability that won’t be fixed by the project’s author, since it’s been abandoned and there won’t be a patched version of ansi-html.

You just have to go to package-lock.json and find the line with:

"ansi-html": {
  "version": "0.0.7",
  "resolved": "https://registry.npmjs.org/ansi-html/-/ansi-html-0.0.7.tgz",
  "integrity": "sha1-gTWEAhliqenm/QOflA0S9WynhZ4="

And replace with this:

"ansi-html-community": {
  "version": "0.0.8",
  "resolved": "https://registry.npmjs.org/ansi-html-community/-/ansi-html-community-0.0.8.tgz",
  "integrity": "sha512-1APHAyr3+PCamwNw3bXCPp4HFLONZt/yIH0sZp0/469KWNTEy+qN5jQ3GVX6DMZ1UXAi34yVwtTeaG/HpBuuzw=="

And this line in the same file:

"dependencies": {
    "ansi-html": "^0.0.7",

Replace with:

"dependencies": {
    "ansi-html-community": "^0.0.8",

Then just type npm update and thats it.

You can get more info in this link.

And check the entire commit here.

Updating your Angular to the latest version (Angular 13 is the latest version for now) will solve your problem! Cheers!