The SHA-1 ban in the Baseline Requirements only applies to certificates issued for the purpose of TLS encryption. Individual root programs (like Mozilla, Apple, Microsoft, etc.) might have additional requirements for certificates that chain back to a root certificate in their trust store. As an example, Mozilla’s policy requires that SHA-1 certificates chain back to an intermediate certificate that cannot be used for TLS (i.e. lacks the relevant EKUs).
I’m not aware of a similar ban for S/MIME or code signing certificates, and to my knowledge CAs continue to issue at least SHA-1 code signing certificates, perhaps even S/MIME. Unfortunately there’s no comparable document to the Baseline Requirements for these certificate types, so it is mostly a matter of root program policy.