feat(container): update image docker.io/qmcgaw/gluetun to v3.33.0

[snoopy82481-bot]

This PR contains the following updates:

Package	Update	Change
docker.io/qmcgaw/gluetun	minor	v3.32.0 -> v3.33.0

---

Release Notes

qdm12/gluetun

v3.33.0

Compare Source

Features

• WIREGUARD_IMPLEMENTATION variable which can be auto (default), userspace or kernelspace
• gchr.io/qdm12/gluetun Docker image mirror
• Alpine upgraded from 3.16 to 3.17
• OpenVPN upgraded from 2.5.6 to 2.5.8 built with OpenSSL 3
• OpenSSL 1.1.* installed separately to maintain OpenVPN 2.4 working
• Logging:
  • log FAQ Github Wiki URL when the VPN internally restarts
  • Warn Openvpn 2.4 is to be removed in the next release
  • Warn when using SlickVPN or VPN Unlimited due to their weak certificates
  • Warn Hide My Ass is no longer supported (credits to @​Fukitsu)
  • OpenVPN RTNETLINK answers: File exists changed to warning level with explanation
  • OpenVPN Linux route add command failed: changed to warning level with explanation
  • Log IPv6 support at debug level with more information instead of at the info level
• Update servers data: AirVPN, FastestVPN, Mullvad, Surfshark, Private Internet Access
• Netlink: add debug logger (no use yet)
• Surfshark: add 2 new 'HK' servers
• Install Alpine wget package (fixes #​1260, #​1494 due to busybox's buggy wget)
• OpenVPN: transparently upgrade key encryption for DES-CBC encrypted keys (VPN Secure)

Important fixes

• Exit with code 1 on a program error
• Profiling server: do not run if disabled
• IPv6 detection: inspect each route source and destination for buggy kernels/container runtimes
• iptables detection: better interpret permission denied for buggy kernels/container runtimes
• FastestVPN: update OpenVPN zip file URL for the updater (#​1264)
• IPVanish: update OpenVPN zip file URL for the updater (#​1449)
• Surfshark: remove 3 servers no longer resolving
• AirVPN:
  • remove commas from API locations
  • remove commas from city names
• VPN Unlimited: lower TLS security level to 0 to allow weak certificates to work with Openvpn 2.5.8+Openssl 3
• SlickVPN
  • explicitely allow AES-256-GCM cipher
  • lower TLS security level to 0 to allow SlickVPN's weak certificates to work with Openvpn 2.5.8+Openssl 3
  • All servers support TCP and UDP
  • Precise default TCP port as 443

Documentation

• Document new docker image gchr.io/qdm12/gluetun
• Add servers updater environment variables (#​1393)
• Update Github labels:
  • remove issue category labels
  • Add temporary status labels
  • Add complexity labels

Minor fixes

• Firewall: remove previously allowed input ports
• HTTP proxy: lower shutdown wait from 2s to 100ms
• Private Internet Access: remove credentials from login error string
• Wireguard:
  • validate Wireguard addresses depending on IPv6 support
  • ignore IPv6 interface addresses if IPv6 is not supported
• Healthcheck client: set unset health settings to defaults
• Print outbound subnets settings correctly
• github.com/breml/rootcerts from 0.2.8 to 0.2.10
• Add subprogram name in version check error

Maintenance

• Development tooling:
  • Go upgraded from 1.19 to 1.20
  • Development container has the same ssh bind mount for all platforms
  • Development container has openssl installed
  • golangci-lint upgraded from v1.49.0 to v1.51.2
  • github.com/stretchr/testify upgraded from 1.8.1 to 1.8.2
• Dependencies
  • golang.org/x/text upgraded from 0.4.0 to 0.8.0
  • github.com/fatih/color upgraded from 1.13.0 to 1.14.1
  • golang.org/x/sys upgraded from 0.3.0 to 0.6.0
  • Remove no longer needed apk-tools
• Code health
  • Add comments for OpenVPN settings fields about their base64 DER encoding
  • internal/openvpn/extract: simplify PEM extraction function
  • Review all error wrappings
    • remove repetitive cannot and failed prefixes
    • rename unmarshaling to decoding
• CI
  • docker/build-push-action upgraded from 3.2.0 to 4.0.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[snoopy82481-bot]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ COPYPASTE	jscpd	yes		no	1.69s
✅ REPOSITORY	git_diff	yes		no	0.02s
✅ REPOSITORY	secretlint	yes		no	2.23s
✅ YAML	prettier	1		0	0.53s
✅ YAML	yamllint	1		0	0.29s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by