CocoaPods 1.13.0 enables APPLICATION_EXTENSION_API_ONLY for all Pods, even those not used in extensions

[CodingMarkus]

• I've read and understood the CONTRIBUTING guidelines and have done my best effort to follow.

Report

What did you do?

I installed an update of some pod, but the pod itself is unrelated to the problem.

What did you expect to happen?

Nothing despite this one pod being updated.

What happened instead?

All pods got the build setting APPLICATION_EXTENSION_API_ONLY enabled for iOS, even those that are never used anywhere else but within the main application.

CocoaPods Environment

Stack

   CocoaPods : 1.13.0
        Ruby : ruby 2.6.10p210 (2022-04-12 revision 67958) [universal.arm64e-darwin23]
    RubyGems : 3.0.3.1
        Host : macOS 14.0 (23A344)
       Xcode : 14.3.1 (14E300c)
         Git : git version 2.39.2 (Apple Git-143)
Ruby lib dir : /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/lib
Repositories : master - git - https://github.com/CocoaPods/Specs.git @ de2b76df0846cf6e7a9a6a422c1e59a5480e18db

               trunk - CDN - https://cdn.cocoapods.org/

Installation Source

Executable Path: /usr/local/bin/pod

Plugins

cocoapods-deintegrate : 1.0.5
cocoapods-plugins     : 1.0.0
cocoapods-search      : 1.0.1
cocoapods-trunk       : 1.6.0
cocoapods-try         : 1.2.0

Podfile

I cannot show you the full Podfile as that would give away tons of cooperate internals. But I can show you stripped down parts to demonstrate the problem:

DEPLOYMENT_TARGET_IOS = '15'
DEPLOYMENT_TARGET_MACOS = '10.13'

ENV["COCOAPODS_DISABLE_STATS"] = "true"

source "https://cdn.cocoapods.org/"

# =============================================================================
# Common Frameworks

def rudderPod
	pod 'Rudder'
end


# =============================================================================
# Application

target 'Application macOS' do
	platform :osx, DEPLOYMENT_TARGET_MACOS

	# ...

	rudderPod
end


def iOSAppPods

	# ...
	rudderPod
end


target 'Application iOS' do
	platform :ios, DEPLOYMENT_TARGET_IOS

	iOSAppPods
end

The Rudder pod is not used anywhere else in the entire Podfile. It's only embedded into two targets, that are both applications. There is absolutely no reason to have APPLICATION_EXTENSION_API_ONLY enabled for pods integrated into applications.

We have APPLICATION_EXTENSION_API_ONLY globally enabled, as most targets in fact do need it but applications don't, they both have it disabled and Rudder is not integrated into anything other than that.

Yet the Rudder config file for iOS has APPLICATION_EXTENSION_API_ONLY = YES as the very first entry. Note that config file for macOS has not! And yes, the iOS app does have two app extensions but those are not using Rudder, Rudder is not embedded into them.

And this is a problem, as Rudder is accessing API that is not considered to be safe in extensions and that is totally okay as it isn't used in any extension. And Rudder is here only an example, as APPLICATION_EXTENSION_API_ONLY has been used for all Pods being used by the iOS app. Some of those are used in an extension, so that would be okay but others are not.